354300x800000000000000025269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:38.558{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50270-false10.0.1.12-8089-
23542300x800000000000000025268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:41.249{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=618DCFB72C1A5E7B055BBA601CE46335,SHA256=78F601D25F634B61C8529A686E2E675C4AECEFBFB8FA73D58F33B7820700ED74,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:41.249{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F6225CD400D30735B5E2870D157E426E,SHA256=F99749EDDDDAC9F22D7E870D7C85882939E7400502C1ABEA5DB4478D85826981,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:41.046{6EDEAD03-0448-615C-6F05-00000000FB01}32006592C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
13241300x80000000000000009250Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x80000000000000009249Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0018f102)
13241300x80000000000000009248Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b5-0x97e4c1a4)
13241300x80000000000000009247Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9bd-0xf9a929a4)
13241300x80000000000000009246Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9c6-0x5b6d91a4)
13241300x80000000000000009245Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x80000000000000009244Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0018f102)
13241300x80000000000000009243Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b5-0x97e4c1a4)
13241300x80000000000000009242Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9bd-0xf9a929a4)
13241300x80000000000000009241Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:52:42.819{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9c6-0x5b6d91a4)
23542300x80000000000000009240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:42.553{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=989B3DC20F93C976979C6E0E10265409,SHA256=23FFF9C001DA13E7E4756140E9D3BA5D66217E3B032EE171B161780B1794B27E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.734{6EDEAD03-044A-615C-7105-00000000FB01}63806496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.656{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F37E9602F8B664AF34CAD70DF975B09E,SHA256=C9CE95926964649CAAD4B3153C262BDF1B2436C095D409019682DCC7C0578DB5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.609{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=618DCFB72C1A5E7B055BBA601CE46335,SHA256=78F601D25F634B61C8529A686E2E675C4AECEFBFB8FA73D58F33B7820700ED74,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-044A-615C-7105-00000000FB01}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-044A-615C-7105-00000000FB01}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.593{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-044A-615C-7105-00000000FB01}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:42.594{6EDEAD03-044A-615C-7105-00000000FB01}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:43.788{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0720E503CA50F8A3CD6AFF2C8FF7038,SHA256=F52A63B3DBF9777523AA39E0F80A661A762105CBDDA65C2C2B60150E59D26289,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-044B-615C-7305-00000000FB01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-044B-615C-7305-00000000FB01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.968{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-044B-615C-7305-00000000FB01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.969{6EDEAD03-044B-615C-7305-00000000FB01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.656{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBE7B2B22C006D294DFD29FA2D0AF880,SHA256=CB3D15C78560132116393B770639617FBA15FC5F9371E2F3D0D819B48D3E4B0D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:43.272{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.421{6EDEAD03-044B-615C-7205-00000000FB01}23126504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-044B-615C-7205-00000000FB01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-044B-615C-7205-00000000FB01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.265{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-044B-615C-7205-00000000FB01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:43.266{6EDEAD03-044B-615C-7205-00000000FB01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.991{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40684927B38DAE30DAAB5BA039B0B97E,SHA256=E1C77C5C4FE87904F029F128E1E7937F8148B3511C7243C6F6127FE3AEE4922A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.656{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F174CFB2388B8A3E0FA61D1E292A2C0,SHA256=0B889909D53D46D30F34FC7DE50F317B0BA75003154A52733C7940E33B708FC1,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:43.290{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50018-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
354300x80000000000000009266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:43.055{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50017-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x80000000000000009265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-044C-615C-9401-00000000FC01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-044C-615C-9401-00000000FC01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.537{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-044C-615C-9401-00000000FC01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:44.538{49C67628-044C-615C-9401-00000000FC01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000025318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-044C-615C-7405-00000000FB01}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-044C-615C-7405-00000000FB01}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.640{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-044C-615C-7405-00000000FB01}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.641{6EDEAD03-044C-615C-7405-00000000FB01}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000025310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:41.839{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50271-false10.0.1.12-8000-
23542300x800000000000000025309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.359{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C0F16EE62D92D92820D8F43D62C1F1B6,SHA256=AE7177009E020CCBD81D973E19BC2E745DDD8479D5DD459D63C77334E88F9CAD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:44.140{6EDEAD03-044B-615C-7305-00000000FB01}65965580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:45.702{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F859F93CE74509B3A335530E205D14A,SHA256=9AEC92E02B928E4DEAB287CBD3F85722B1257134AE9D84D9AC3E4067BF86B843,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:45.671{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=463EC835A56D9B63B29B58906C9811F4,SHA256=F7AD9601BB26D8362DFA597F045696AFC97ADFBF2E1DAA1F415F29ED43E7A548,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-044D-615C-9601-00000000FC01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:45.881{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.944{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.944{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.944{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0450-615C-9901-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.944{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0450-615C-9901-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.944{49C67628-0450-615C-9901-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x80000000000000009329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.444{49C67628-0450-615C-9801-00000000FC01}12521148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000009328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.367{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBEDDD0E2D5F9E1A6637CFA14DE89075,SHA256=DA8B7B01C6DCBE5BA7510FF1E5546DB0086C695984E1D020E23426CC821D2FA5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:52:48.078{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4EFE9FE557BD9B3008F0FDDE1115931,SHA256=B7979CD8FBAA874ED301CF2F4772BDE61B95E43C30757B9B2B10F78A4A2AF54C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0450-615C-9801-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0450-615C-9801-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.272{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0450-615C-9801-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.273{49C67628-0450-615C-9801-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x80000000000000009359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:48.242{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50019-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x80000000000000009358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0451-615C-9A01-00000000FC01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:49.616{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0451-615C-9A01-00000000FC01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
354300x80000000000000009373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:52:59.240{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50021-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:02.323{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E4CD0963FCB178BEDDF43D6AC8014FC,SHA256=2D2839D6251FFEFF863D5D92675F6B3351A0F0A3A97DF330BACEEFA1225D7349,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:02.611{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E24EED7422EE2C0F488B9A33AD8135A,SHA256=E8A29D0ECD7CE33103B65701A468166F1AC1B537955E590D7BE146D3CB02D5FB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:03.323{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D9CE8861BEC82ECF261EECB72F7AA6E,SHA256=CC5D64D1B80BBBDD6D2364591103BEB885E87C26CD589E94700357BC49801BC7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:03.627{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BE738C57D78AB475C5302807A5E0DDC,SHA256=35027F4BAA6578A545025BCCD017CA7FBEF1CFCE0EFED0B3B8D2D8B6C19D25DC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:04.642{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E2820720AF991605C8C020BF402458C,SHA256=C254CEF34C506778B8310544494023C5E1B6E860183EAF546C9870487C3819B1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:04.386{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1481BE815B0F7CDB8BE2D2E94190C146,SHA256=E6FC16CCCAAA6D961BB31CDE69F62383EBEC29E218497A946AD117C96E68FA9B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:05.642{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AA35291A5DEAF024291FD4FC2B19C82,SHA256=4C024FD2B0DD2FFFFDCB5C9351B842276F431936074BC5B6634424215E9BBFB3,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:03.725{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50277-false10.0.1.12-8000-
23542300x800000000000000025398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:05.417{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17EA1FDA76CF1536AFE27B88F00325D8,SHA256=EF7C09913FD83BCAE2BD5F796020F7138E85F0BA4EF12BB84C4D698AFD9A433A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:06.448{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42FAF68F2635B8FA93C9B0E2555ED669,SHA256=42D05DDBA9C60436F003DCE2BDCB2313E49534441ED37B20B0FE927A9B39C375,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:06.658{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=949CC4BDEC480EF0DB4C2504405C70C1,SHA256=D029EFC25408DB578C7743B3437593035004612209F13939FAF133C20D7EFAA8,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:04.253{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50022-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x800000000000000025405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:05.300{6EDEAD03-FC2C-615B-4400-00000000FB01}3672C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50281-false169.254.169.254-80http
354300x800000000000000025404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:05.232{6EDEAD03-FC2C-615B-4400-00000000FB01}3672C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50280-false169.254.169.254-80http
354300x800000000000000025403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:05.196{6EDEAD03-FC2C-615B-4400-00000000FB01}3672C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50279-false169.254.169.254-80http
354300x800000000000000025402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:05.195{6EDEAD03-FC2C-615B-4400-00000000FB01}3672C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50278-false169.254.169.254-80http
23542300x800000000000000025401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:07.448{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=454D4ABA0FFD29C7196186165E7AAE04,SHA256=27CFEAB840F2BF046952BCD01E97FDA28B046DC412466D81B1FA4DCE64BE0A57,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:07.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C93512E187595B36C8BC1EC82C226F3,SHA256=A494D040DA39233AFC8410044636B206A5B85D8DC1430E6024E1E15EAF4AA1EF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:08.573{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=202B7D9386E71B900A262FA55FB98BB0,SHA256=A32D7B67D675A2E292C9A6F95B214CDAF588F07D2FD55CC3778C3C6CE2812105,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:08.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B0115F727313E9B55181ACA7DD411D4,SHA256=9AEC8160A9E283FB9864C53FB5CB5E94CA25E1676EFFBDE143E53573355A62E9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:09.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6DD55B3119AF44A51CC94E90742C8E5,SHA256=200CBEFB797CBFA53AC2FB5C3FC587D99355F527FBFD800E80F7DAD383200D13,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:09.573{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB68084C2790BD72A723DB43556CF235,SHA256=155FF09BFC5558FD0F724528E9BF55FC47E5F75F82E3DBD3F36E016EF4D86B94,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:10.604{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E95C305131653B28ECEB6AF2B048C362,SHA256=CEC8CEAE09DE096DEAFFD7B991132ACC07FF9388E3D6EF32B3E5B2D560F1AFA2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:10.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34B581CDCF91DC576CB1C89F1051D230,SHA256=33555F90AAEF62913D4C6484FDEDF734C131888252F46E71656F7D5CF01D51DB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:08.834{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50282-false10.0.1.12-8000-
23542300x800000000000000025409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:11.620{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33366B8FC6C26BBDF76BC576EB954634,SHA256=13054E493A6FFBF2649DAF624ED83B17C7A041822C90EE181370BE3690A2624E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:11.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC7BD9BA969EF275AB5F29BD4B4D073C,SHA256=AD0648CB9E212A0219A2547DAFA59E186B2E4BC862D8E975838479F0FFAF4EB1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:12.636{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C0857917202CAF10AFCCAF387CB2224,SHA256=5D8A788F3B359AF640C0FC9F02955C36A13CD2D8D948DF4F93F0F2AA1A6FCB23,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:12.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31C182A1F46EAC29401C73561E45D6CD,SHA256=AED6A603CDB7A11DD8BA86AC88104BF5FA45A57B2460801F01EC28C5C036D936,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:10.113{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50023-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:13.674{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=146BD7B83CED0668F610BF55A49D1080,SHA256=84C776E5CE6E07C4F9465D7E5167446C455B8EF43B5DF86E10A45667A76713C8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:13.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DBDA8AE6207AC1A4781D6C66CE7EF69,SHA256=DBC248AD680D82DA8432760DA555B3A7BB02DD01D4E6B8098EE635107D938DFC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:14.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5152FA06FD8B0E1B447B3AE30E7F41BE,SHA256=AEB036A733C9D9596ACAD49C15668A64BB23D5D1E2CF8DE9C51D641D45926E69,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:14.675{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8DC60B6F3657B267952CEB4F58EDB27,SHA256=F3BD76ED2B5DD560834E4071CD97A46E12CCE5421D55FED1013B1CB25C4109DF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:14.396{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-026MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:15.667{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0254501C880E6E96DBFA449E5DE2B8A0,SHA256=38FFA1BC056FC702F8F601C84669BAC744F5C3F442C69C2B5C1A578CA22521A3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:15.689{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E257E18CB3603A5FD334EBB8AB51D20,SHA256=2382E0273E7FBB9265C58A65C2B29CA4C88AC7FDF52B3A31EC1184F127FC3903,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:15.410{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-027MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:16.691{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=469CFCC93B98E92C1C49CA54C1B1E816,SHA256=DF57550A48D0ECE538D3333F43E38B9B57299C79157E82535D2B5F0E5C232D85,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:16.667{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22A7E0967CF6C6F8B57EEA46D676938E,SHA256=0665E2A6AE13519B556FCF6AC5EDCC67AD29DCA05DA41EB9CCE2CAC0185B208B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:17.691{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=638D3AD2FA79B0740BF28664795CF79F,SHA256=1FD88AA6466E267891233B6758E98CF7CFD4C55E2B036F6ACB3E1048A89AA922,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:15.975{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50284-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000025420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:15.975{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50284-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000025419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:14.772{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50283-false10.0.1.12-8000-
23542300x800000000000000025418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:17.683{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D49B5EE24EFE4381CAB47C497AF498A,SHA256=6E7F9C837D82F6FB38FBFAA432F2942EDF187658B919F8F81E589266018E965D,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:15.192{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50024-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:17.370{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9ECF9DA941C1BB28EE8ABA53102F1DF2,SHA256=4AEA264614C0D7E5E61C216A41D83D6803FF68853B79EBC92DC60235F338DAD4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:17.370{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0359C53FFD6425A41D7012826A2334F,SHA256=789D8175465930B8BDC32CBF3E5D6D295EB07F732F57F189AC1044100F215695,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:18.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9ECF9DA941C1BB28EE8ABA53102F1DF2,SHA256=4AEA264614C0D7E5E61C216A41D83D6803FF68853B79EBC92DC60235F338DAD4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:18.687{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA824705884500CF075442107C6AF5A3,SHA256=F03A270D83D3D5ECCD4D4608DC62BA9B54750B8EC2B657C88B55D6FD4153B87C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:18.694{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B24383BA3383875E6BD33A92EDB218F1,SHA256=AB8106CC92F6C91B21DFDA3CAF33178F60A15295A4B5FECAA0234357E89837EF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:19.687{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E43DB5BF697BA18331EF0DD387A403D,SHA256=C9114EEFF29AFA5B593B883289F13D9ABABBD9B43A9CF9A3401701EFB92266A6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:19.694{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75B6FCB448E58E3A86C84DE043573434,SHA256=D03A2CE5C2D6BE3CC094797BFE881260757FA16FE5D8C04A8B4709C74C3961BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:20.694{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41522AD39C9F8551917FADCAAD2E04A5,SHA256=8586936AF77BC8671AC9C36DC093A7EEFFD21926BDFF7650D10F71B4835FD37F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:20.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35D7EC627004A148A3F94F2EF3DA26AC,SHA256=D888D1CD327ABC6A58353DFFCF4968E6FF45C9BCC58A71BD7CB37C2AA9841D51,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000025427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:53:20.343{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML
13241300x800000000000000025426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:53:20.343{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001)
13241300x800000000000000025425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:53:20.343{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML
Sysmon events from the Microsoft-Windows-Sysmon/Operational channel, one event per line, fields tab-separated. Each line starts with the Windows event header (EventID, Version, Level, Task, Opcode, Keywords, EventRecordID, Channel, Computer) followed by the EventData fields in Sysmon schema order for that EventID:
  1  ProcessCreate:  RuleName, UtcTime, ProcessGuid, ProcessId, Image, FileVersion, Description, Product, Company, OriginalFileName, CommandLine, CurrentDirectory, User, LogonGuid, LogonId, TerminalSessionId, IntegrityLevel, Hashes, ParentProcessGuid, ParentProcessId, ParentImage, ParentCommandLine
  3  NetworkConnect: RuleName, UtcTime, ProcessGuid, ProcessId, Image, User, Protocol, Initiated, SourceIsIpv6, SourceIp, SourceHostname, SourcePort, SourcePortName, DestinationIsIpv6, DestinationIp, DestinationHostname, DestinationPort, DestinationPortName
  10 ProcessAccess:  RuleName, UtcTime, SourceProcessGUID, SourceProcessId, SourceThreadId, SourceImage, TargetProcessGUID, TargetProcessId, TargetImage, GrantedAccess, CallTrace
  23 FileDelete:     RuleName, UtcTime, ProcessGuid, ProcessId, User, Image, TargetFilename, Hashes, IsExecutable, Archived

23	5	4	23	0	0x8000000000000000	9399	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:21.694	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=AC4D2E63886D24105CEEB1E54E8CF559,SHA256=A774CEE19CE58628F88C4F7EACDCC24FF394749D7E7DC9ABE8D5A66F305545F2,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25439	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:21.765	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=E1BFAFEEEA7091145E73F7F14BB0D0FE,SHA256=8842BAD9AB7641B65132B5D63E2C5BBFB0714E8D4A95776A39EAA457BEFDECDE,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	25438	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:19.970	{6EDEAD03-FC1B-615B-0B00-00000000FB01}	636	C:\Windows\System32\lsass.exe	NT AUTHORITY\SYSTEM	tcp	false	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	50287	-	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	389	ldap
3	5	4	3	0	0x8000000000000000	25437	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:19.970	{6EDEAD03-FC2A-615B-2D00-00000000FB01}	1000	C:\Windows\System32\dfsrs.exe	NT AUTHORITY\SYSTEM	tcp	true	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	50287	-	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	389	ldap
3	5	4	3	0	0x8000000000000000	25436	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:19.964	{6EDEAD03-FC1B-615B-0B00-00000000FB01}	636	C:\Windows\System32\lsass.exe	NT AUTHORITY\SYSTEM	tcp	false	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	50286	-	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	389	ldap
3	5	4	3	0	0x8000000000000000	25435	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:19.964	{6EDEAD03-FC2A-615B-2D00-00000000FB01}	1000	C:\Windows\System32\dfsrs.exe	NT AUTHORITY\SYSTEM	tcp	true	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	50286	-	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	389	ldap
3	5	4	3	0	0x8000000000000000	25434	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:19.950	{6EDEAD03-FC1D-615B-0D00-00000000FB01}	908	C:\Windows\System32\svchost.exe	NT AUTHORITY\NETWORK SERVICE	tcp	false	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	50285	-	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	135	epmap
3	5	4	3	0	0x8000000000000000	25433	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:19.950	{6EDEAD03-FC2A-615B-2D00-00000000FB01}	1000	C:\Windows\System32\dfsrs.exe	NT AUTHORITY\SYSTEM	tcp	true	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	50285	-	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	135	epmap
23	5	4	23	0	0x8000000000000000	25432	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:21.390	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security	MD5=82E9F70E7FA379061B1C674E6FD237CC,SHA256=7C1EA048BD3CAE3C63D329151ABB2F747DD8B820C5A93C5CB8DB2B776A750A46,IMPHASH=00000000000000000000000000000000	false	true
10	3	4	10	0	0x8000000000000000	25431	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:21.375	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC1D-615B-1500-00000000FB01}	1240	C:\Windows\system32\svchost.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25430	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:21.375	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC1D-615B-1500-00000000FB01}	1240	C:\Windows\system32\svchost.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25429	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:21.375	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC1D-615B-1500-00000000FB01}	1240	C:\Windows\system32\svchost.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23	5	4	23	0	0x8000000000000000	25440	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:22.984	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=74B101A38CDB4AD098AA1B77BFBF5B68,SHA256=85E0790AC6E37B617260C0F4B59D7A7FE02D046DA6942704DF60A09898CA12F3,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9401	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:22.694	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=3EF500F34FA2D2CF27C459B85BA30442,SHA256=27C35D643E327D1311C3FF6372157F7645A4F7B98B5221CBF4A2BA2C683D396E,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	9400	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:21.180	{49C67628-FE6F-615B-D100-00000000FC01}	976	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.15	win-host-340.eu-central-1.compute.internal	50025	-	false	10.0.1.12	ip-10-0-1-12.eu-central-1.compute.internal	8000	-
23	5	4	23	0	0x8000000000000000	9402	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:23.710	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=2060EB96719399D05C4128CC41B49C9F,SHA256=5EFF4CA3D4178FDC5B654E3FCB086D23ACE588A97C4B2938308726D108D49A20,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	25441	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:20.699	{6EDEAD03-FCC6-615B-DD00-00000000FB01}	2220	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.14	win-dc-676.attackrange.local	50288	-	false	10.0.1.12	-	8000	-
23	5	4	23	0	0x8000000000000000	9403	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:24.710	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=77668E19819DD339BD6EBA205F7808D7,SHA256=662AC55ED4B5E3048BC88C68506843DBAFD88B722B8FD4045CADFBBE8F9C82BD,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25442	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:24.000	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=2BA6B2339053FBCB3B95AC7FA821039B,SHA256=E426A471E185E5A5C8FA135EB0040E82AA3731D101D51429955292820379A94D,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9404	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:25.710	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=1B09C0232CC2523B57C7C112B0210051,SHA256=E836DC76428A0A5FB54FA535B121AB7302F3233BA3E5A8EA1934389648485A1A,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25443	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:25.015	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=E74D34F05BCB65EE6F353E9EB3D84046,SHA256=1964A6FE5FFB021DC1D91650424B23C0A90643634D48C835CF41AAC6A4789F48,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9405	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:26.725	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=5AE3136B8ED876DC2ED5A8374F77B127,SHA256=9C251E252B0ECAF1584B060E0739D76245CE7CA20D88FCAB803E5753E35C37AC,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25444	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:26.031	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=AFBF51DBE0A912D516116C6DC21DB1FF,SHA256=A7CE91F4A5A1F28BC80499C2565280BD453D95D2CB24BE2FE16E1EA204AB9A92,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9406	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:27.725	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=CCC80CA7C020466D8C9DA263E12C5766,SHA256=EB1D21CB910DA74A6C8BCE4F22E1C285BB2179BA6476F3C593CCD29F930CF90E,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25445	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:27.047	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=8BDCF8390392CC762329D7E0BD95C313,SHA256=346C1A03C581DC18926C163541AF7EF90B9D368BF31487F781E89B818ABB57AF,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9407	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:28.725	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=95F5D2BA135133FC951E1F3A14D4F227,SHA256=9AC4577C8BA3FC9E75DBC9A7E702433CC4A366BA52F29173ADE326747E3D25B0,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25447	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:28.265	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=898C20AE063B994E1D7EACCB3DD90C33,SHA256=E4BD4A081C8DEF91DAB44D0BD32CD961F7E1ACFDF1E071FFBDCEC2E9241064CA,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	25446	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:25.714	{6EDEAD03-FCC6-615B-DD00-00000000FB01}	2220	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.14	win-dc-676.attackrange.local	50289	-	false	10.0.1.12	-	8000	-
3	5	4	3	0	0x8000000000000000	9409	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:27.180	{49C67628-FE6F-615B-D100-00000000FC01}	976	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.15	win-host-340.eu-central-1.compute.internal	50026	-	false	10.0.1.12	ip-10-0-1-12.eu-central-1.compute.internal	8000	-
23	5	4	23	0	0x8000000000000000	9408	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:29.725	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=F39A1EDCDE27A0AB62570B1D4BF23D4A,SHA256=B4C30A9BC469C06A002B89EBA4FDE298D44596FDC8E06DF93E62015C97AF64BB,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25448	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:29.359	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=DFBD198EB2D66B613628CAA8B5C99D10,SHA256=0C36CEC0617180756C6728225223D3C373307C7E1FE5D4E970848681FF3D9904,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9410	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:30.960	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=0964B4FE1E27C5C72A735FEB972583F0,SHA256=A5BCBA1A7910528821D74198D684BBFCBB30C6D1608C86A4D2B340782662FBF1,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25449	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:30.359	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=5BE488A10910F34C0C7A432F0F5E39C1,SHA256=496B6FEFC3CE9C39DE22B3E73422C7B51577B6B425699C5602FD5C569A0C8B65,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25451	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:31.390	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=062DBDCA9F38D1D907FFB1FBB5AABC9E,SHA256=FD6198BC316052B5B5C8EE46AFD84E28382928855741722488F0D59F71C32E8F,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	25450	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:28.371	{6EDEAD03-FC1D-615B-1200-00000000FB01}	616	C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE	udp	true	true	fe80:0:0:0:b879:39b3:8bb9:e640	win-dc-676.attackrange.local	546	dhcpv6-client	true	ff02:0:0:0:0:0:1:2	-	547	dhcpv6-server
23	5	4	23	0	0x8000000000000000	25452	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:32.390	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=54251DA1536B3A5E24EBD5C50210799B,SHA256=09567417FBF4C5F3D7EDE33694CE96E1DCC2D09069BFD9C21A74F9BA86396AA1,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9412	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:32.241	{49C67628-FDEB-615B-1100-00000000FC01}	964	NT AUTHORITY\LOCAL SERVICE	C:\Windows\System32\svchost.exe	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat	MD5=D3FF11E7635B276E06A0CD1CD7BA7A65,SHA256=6816695DAEC1281616F555EBD0DFD0C6586E8C57553BFF944DE769E6AFEC9E97,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9411	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:32.179	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=43CFEC82F5B50EC73DFC93EB5899892C,SHA256=B94CE8CC9774DDCB4A78AEB70DCBDE8D36812549A3FCC94740AF983C27B87714,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9413	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:33.413	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=3A8A8F40E446BAE0F661BF1430AE9729,SHA256=AD76AD9AC925A775CBAB5F57B82CD45C03F9D9A7548D088077AAF3ED95ADE764,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25454	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:33.406	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=95DB23E523B22DD9DA814D673BCB892C,SHA256=F976E70FA2D5BAB4AC96643A1D6F36537FAB285ADAA025BC95C08AD4E1E42684,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	25453	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:30.730	{6EDEAD03-FCC6-615B-DD00-00000000FB01}	2220	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.14	win-dc-676.attackrange.local	50290	-	false	10.0.1.12	-	8000	-
3	5	4	3	0	0x8000000000000000	9415	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:33.087	{49C67628-FE6F-615B-D100-00000000FC01}	976	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.15	win-host-340.eu-central-1.compute.internal	50027	-	false	10.0.1.12	ip-10-0-1-12.eu-central-1.compute.internal	8000	-
23	5	4	23	0	0x8000000000000000	9414	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:34.538	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=665B6DE5511A05C90199A04F42BDF935,SHA256=0A450404A30F3545DB5750C2297B098489E4BA90F8002539C6FE5855052E1AD6,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25455	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:34.437	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=6DD9B64E60A28A211CE6BAAEF8F4103B,SHA256=17B3D46D5342E3F1EF4574163E9C92790282A889279BAA04757C6E626C2F6778,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9416	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:35.632	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=BE2F4FF15B240611A22B303A3B9D0F6B,SHA256=279471EC79F449BC60511D51B833348B6913EE7091369028900AC4CC7CEAFD34,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25456	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:35.484	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=0D585250F6B9542E90B108D21C026D1F,SHA256=A66ACA1EA2D36B60CB2DE894A4DC4EA86B6D3B516CF5208B1A86627860FCE208,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9417	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:36.851	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=AB5336B2F57ED0B8C98242C387A1FA2E,SHA256=E5FD5ABE029A29FCE93A271C6F54820FE5CAF84E59A0BBF685F35AFBEA36DA37,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25457	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:36.500	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=ADDD445036C4E01F5A1D826580F1AA4F,SHA256=74726CC674ECB19D088FAA891CE108245D53FF2D3EB6E1612376C79F387816E2,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25458	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:37.501	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=FC852595CA7DCC18B4828ABD9C4BA9F8,SHA256=1748BE40C7F26B6858E1A2ED0851D5A42B62F35E218DB7FF9B86A3223B9F511B,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25460	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:38.989	{6EDEAD03-FCBF-615B-AF00-00000000FB01}	416	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe	C:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xml	MD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25459	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:38.504	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=8B79B60E5955DB3F448AF52DD2AE10F5,SHA256=1E3BABEF8AE2FA13B79475A11838F2055DEE0D03C217BDB8A27563D3D0AD4C05,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9418	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:38.027	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=B4DD41A4C33DBEB204F35BA663F82EF9,SHA256=B795867E64A3EC11451B45717707990D5E3B37F9EFF7E045CFCFE5401BDC87D5,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	25462	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:39.551	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=CC0801FB751B8980F4FACBE2714DD1B5,SHA256=8B4876EA41ABEF492CEA6C4F27C5B603E581CB3F1AD13EE393C17661994DB1B3,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9419	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:39.152	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=0B3BE5D76B08D287C508354895E77B5F,SHA256=5720CF73CCFB2AE840FD7978D0DC85BC3E34EE2ED7C648B193EBA07EE6EF2C94,IMPHASH=00000000000000000000000000000000	false	true
3	5	4	3	0	0x8000000000000000	25461	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:36.745	{6EDEAD03-FCC6-615B-DD00-00000000FB01}	2220	C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe	NT AUTHORITY\SYSTEM	tcp	true	false	10.0.1.14	win-dc-676.attackrange.local	50291	-	false	10.0.1.12	-	8000	-
10	3	4	10	0	0x8000000000000000	25479	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FCBF-615B-B300-00000000FB01}	2332	2960	C:\Windows\system32\conhost.exe	{6EDEAD03-0484-615C-7605-00000000FB01}	4604	C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe	0x1fffff	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25478	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC2A-615B-2A00-00000000FB01}	3064	C:\Windows\sysmon64.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25477	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC2A-615B-2A00-00000000FB01}	3064	C:\Windows\sysmon64.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25476	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC2A-615B-2A00-00000000FB01}	3064	C:\Windows\sysmon64.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25475	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC2A-615B-2A00-00000000FB01}	3064	C:\Windows\sysmon64.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25474	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FC1A-615B-0500-00000000FB01}	412	2304	C:\Windows\system32\csrss.exe	{6EDEAD03-0484-615C-7605-00000000FB01}	4604	C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe	0x1fffff	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10	3	4	10	0	0x8000000000000000	25473	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.848	{6EDEAD03-FCBF-615B-AF00-00000000FB01}	416	2296	C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe	{6EDEAD03-0484-615C-7605-00000000FB01}	4604	C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe	0x1fffff	C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
1	5	4	1	0	0x8000000000000000	25472	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.849	{6EDEAD03-0484-615C-7605-00000000FB01}	4604	C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe	8.0.2	Active Directory monitor	splunk Application	Splunk Inc.	splunk-admon.exe	"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"	C:\Windows\system32\	NT AUTHORITY\SYSTEM	{6EDEAD03-FC1B-615B-E703-000000000000}	0x3e7	0	System	MD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165	{6EDEAD03-FCBF-615B-AF00-00000000FB01}	416	C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe	"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23	5	4	23	0	0x8000000000000000	25471	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.551	{6EDEAD03-FCCC-615B-E600-00000000FB01}	4048	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=81A217C6D84507171126F12C0565E35A,SHA256=64336424A8235B4E283A595DF7DE06589B640148DF1CAE9F0512CEEA581781B1,IMPHASH=00000000000000000000000000000000	false	true
23	5	4	23	0	0x8000000000000000	9420	Microsoft-Windows-Sysmon/Operational	win-host-340	-	2021-10-05 07:53:40.199	{49C67628-FE75-615B-DA00-00000000FC01}	2020	NT AUTHORITY\SYSTEM	C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe	C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational	MD5=76E2EB1075F38A7385B9CE22FE9B3764,SHA256=0E4512ED3302E77B0B12BE39ED00CA7728BD71B29ACF518C61063D51CD75CDC3,IMPHASH=00000000000000000000000000000000	false	true
10	3	4	10	0	0x8000000000000000	25470	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.239	{6EDEAD03-FCBF-615B-B300-00000000FB01}	2332	2960	C:\Windows\system32\conhost.exe	{6EDEAD03-0484-615C-7505-00000000FB01}	5224	C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe	0x1fffff	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25469	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.239	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC2A-615B-2A00-00000000FB01}	3064	C:\Windows\sysmon64.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10	3	4	10	0	0x8000000000000000	25468	Microsoft-Windows-Sysmon/Operational	win-dc-676.attackrange.local	-	2021-10-05 07:53:40.239	{6EDEAD03-FC1D-615B-0C00-00000000FB01}	848	4668	C:\Windows\system32\svchost.exe	{6EDEAD03-FC2A-615B-2A00-00000000FB01}	3064	C:\Windows\sysmon64.exe	0x1400	C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:40.239{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:40.239{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:40.239{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0484-615C-7505-00000000FB01}5224C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:40.239{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0484-615C-7505-00000000FB01}5224C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:40.239{6EDEAD03-0484-615C-7505-00000000FB01}5224C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.567{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF29F7F97DC356225FCF6D2DFFB3B097,SHA256=3470513549B25F353A3390A48761B7F08DF238DE439C082ABB0AF170B82871C5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:41.215{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EFCD71FF5893756BBF83347D8F792C6,SHA256=C611B065B1CBB0559BA16577717E66169838FC64DB69775FEA64DCA46165A60B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0485-615C-7705-00000000FB01}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0485-615C-7705-00000000FB01}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.473{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0485-615C-7705-00000000FB01}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.474{6EDEAD03-0485-615C-7705-00000000FB01}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.457{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BB41B5B6588671F6FE36D59B4E99CA9B,SHA256=7E852EA48BDE705BB192CEF253834A082DB3159966A1ECDEF02B8A5E4CC16669,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.457{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3DD1123071CD64FE9D9A732AFDA22F21,SHA256=1E53FB38E3A2081BC8C196486C079F379C9B734CBB46F81CC9A3E1979B8B71BC,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:38.578{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50292-false10.0.1.12-8089-
10341000x800000000000000025480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:41.020{6EDEAD03-0484-615C-7605-00000000FB01}46046152C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x80000000000000009421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:38.216{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50028-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000025503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.754{6EDEAD03-0486-615C-7805-00000000FB01}61926216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9A453D991CFDF36E69254AE657BE80D,SHA256=4388DEE9FEB333E8707E33A95A05FC3E7F9792E25730201F2A07D215C6A54106,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0486-615C-7805-00000000FB01}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0486-615C-7805-00000000FB01}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.598{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0486-615C-7805-00000000FB01}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.599{6EDEAD03-0486-615C-7805-00000000FB01}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:42.215{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E880357D962B02D3328AFE4BE76D1793,SHA256=9604E105944D8E16022CC3AA3C107E7BF50CDE445BFF7E9C00CA236B982A2395,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:42.489{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BB41B5B6588671F6FE36D59B4E99CA9B,SHA256=7E852EA48BDE705BB192CEF253834A082DB3159966A1ECDEF02B8A5E4CC16669,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:43.895{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0487-615C-7A05-00000000FB01}6200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:43.895{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:43.895{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:43.895{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0489-615C-9D01-00000000FC01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.871{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0489-615C-9D01-00000000FC01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.872{49C67628-0489-615C-9D01-00000000FC01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.762{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=574E2FDFAF96DFFA111B47FFB9B4220B,SHA256=DB0CC2F55F0230BF99886F1E5878D916A34E605AC0DC91EDB6C8273E0A514F12,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.762{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4F77A04821C115F164361D3721DDD023,SHA256=EC243FE5110F784EAB873649ECD6038D8F35189A2A0387A7894CBD09A6325561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.762{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3862992ACC3F6BE292DA17E941DBAEC6,SHA256=986C81AF902FEBC087BB8056CC8861A4E540DB13F15A7A210AD6DCAC163233E1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:45.723{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37DD9E862F233F9F209215C9CA18DD8D,SHA256=24F3CB51903A890F524B3C3D0E61E27BE865370F2AF942F160102BFD98AD34D7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:45.051{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2AE8778BCDF3FF7477B8BEA5062A594,SHA256=AB32B92E102A33A50B558810A785464ECF208BA59CF43CC24F299CAD416E2EB5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.340{49C67628-0489-615C-9C01-00000000FC01}19682784C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x80000000000000009454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:43.310{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50030-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
354300x80000000000000009453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:43.294{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50029-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x80000000000000009452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0489-615C-9C01-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0489-615C-9C01-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.199{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0489-615C-9C01-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:45.200{49C67628-0489-615C-9C01-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x80000000000000009487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:46.965{49C67628-048A-615C-9E01-00000000FC01}6561992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000009486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:46.887{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4F77A04821C115F164361D3721DDD023,SHA256=EC243FE5110F784EAB873649ECD6038D8F35189A2A0387A7894CBD09A6325561,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:46.840{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-048A-615C-9E01-00000000FC01}656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:46.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:46.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:46.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-048D-615C-A101-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-048D-615C-A101-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.577{49C67628-048D-615C-A101-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9420A77271A3C051C2C4534E6D46E830,SHA256=2F95CB259D763D260FCF7DB88D76B5B55981685E13F81621D2D3173768F31C6E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.574{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64326FDB52D89BFD1423B64B5C321DDC,SHA256=AF547EF758E628F4A54D4FB0C5D9A071D118E12AAA9DECA547A54EE7D08AD370,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.106{49C67628-048C-615C-A001-00000000FC01}35964064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000009534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:50.590{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7C76744264F909C32FE05970262462D,SHA256=7D0996AE58BD6482FFEF38C412B51C028BBDB8993C7F7CED8F9D5BE42CD09218,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:50.590{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C33B123EA25C2F5C5E6F14F5DC8D751A,SHA256=589BE1A169CC3B4255AABCE6F64A76EF5065558C5A7B116316760B016A4845ED,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:50.473{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=D3E94F4488B1F58EE26B36B3E8ACC03D,SHA256=06A87A79F7D2A58903ED48994C0F255F7778649080EE519F5C5618B8ED89B8C8,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:49.169{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50031-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:51.605{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B1B6BA0BE18533DC7C919446E063E8C,SHA256=F9FC19DD7DF6DFD37EE331EA1F829DC5D65504689B11ED26D534FEF10D687FC8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:51.051{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F2A2FE063B6589222F333C49B9F33EA,SHA256=E427B4372B0D23AA1629390C02E4944033337B9DCAF4054FB0F0ADBF0610C2DA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:52.793{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D8282446553FA870E9F682836D517F6,SHA256=13F82DBEAD4CA210D16302382212E92D2A87927A132EDA9E69985CA6DB63CC23,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:52.098{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CF52717650D6246C977FDAA86683A00,SHA256=FB1495E63B1C6865176C0A70198D226B5284D544C5FAE8F92AA9F7536B8A1433,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:53.855{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1076835BD70B0F34647A457E3CC96A2F,SHA256=2E5F27A91C4A3D583EB04961E6C88AB1EB8953EB7C703E549E004CF1E9F83D56,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:53.098{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=847F2D2E77ABC12A51296E8299BCEF8E,SHA256=64ED1D62BB70AA01AEC7587DEAA5A368CC300BEE37475EE15BE5D358E41D67CF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:54.855{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D2ACD754F4D9FFC922DFE5FF22E901C,SHA256=C04818A111A47205B80438567E2A18C32559279ACE2F229B7A2004A7A4B0C49F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:54.129{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50484290E57EC7E4136A94D29D9AF1AB,SHA256=DF1B674A8C06B3BDC0A2D0F09094E60945E36D0C7F2CB8257A655617DF30D61A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:55.855{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=141B43AE07A1B3645549E8F1F647DBAB,SHA256=AF4A09F570AB0D990C08821C268C9AB9D9B761CD3F219A9F6DB469324E865647,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:52.781{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50295-false10.0.1.12-8000-
23542300x800000000000000025546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:55.270{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FA70783977E57DC16947B9884C40F7D,SHA256=5C2BB8F087BAA4D7D8D80D0415CFC96AB0F81C023F0A1F10883384B5DD1F0FFE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:56.855{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71EEF6352B5EB26ED6CF598A0DE4EA1A,SHA256=58A9499B4FF49EAA26D97F5389F85E61C095011BDFA0D5AC349E8F4C973DA9CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:56.301{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C20FA6E4542A924C65771B7EA9620D3,SHA256=4091B23CA3959999D37997A40CEBA7C46BA27FFEC7ED62E177B9E1DB19CE3599,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:54.170{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50032-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:57.866{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E7A4CB879FDE2BD6C9B4CFF7C29986B,SHA256=0596FEF25168D22AB3C2B45EF2C15698029500DD94B8E10D7EDA34DE96835D0E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:57.317{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3179C27940B8812DCBFE5514C58DFF9,SHA256=7ACE87C7201DBD3D33EBD420972A56344024FD3E48E4807C2F630DC54EED9465,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:57.225{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-034MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:58.991{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82D0DB9F4A810AAFE192EDA0E45F781E,SHA256=7656655A5B982BB96BD3A8950886BDCC337971C2750FF1C3A1C637B3D72AD1AC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:58.326{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD93D908D6E9A907D3A2960B1D81EB57,SHA256=34FD33139DC444A7C722F5426D404216BAD555247D7D63E833FB44DED309EF8B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:58.235{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-035MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:59.344{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A53D19F6A968D68264140931D64D41DA,SHA256=2C98541E75C038021CB25820A9D7E497C614C807A697EF56DA67053967091398,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:53:58.715{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50296-false10.0.1.12-8000-
23542300x800000000000000025554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:00.360{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2C739E8F0E697FC5F883386A97148C2,SHA256=67DBD318A359938D9F42513E3436E9FFE4622F25C232DC7EF29BE93EBDBE2C97,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:53:59.242{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50033-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:00.210{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1A9EEFB7C5AFDCA921BED13D9F49A05,SHA256=A93AC33B9A503E1A59AE00076529C2AED26DDCB2D329525091D4FA6E8757A5FF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:01.376{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76E1184A6CD706D66D46406207A136C,SHA256=7CE51C0A6101B3F7A9560742720530E977F9A7C5C58AB888F4F1EA932DB6BBD3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:01.444{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F8894DA2DD437DB31AFE5FB5E95B272,SHA256=2A06E6157CB4D5C4F6DEF116715BD501143D96ABBAD0F46ACBF9FABD0DFEC9F0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:02.600{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BA612E4BC1F93414A297591255E82D7,SHA256=A97D5CD26FA872F99C5C0F0DA75FDCCA864827908D194A4075051C443911AF6C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:02.391{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=361E914B0A5124B9D917E5610838F540,SHA256=72997F37EEA04FA7A806C4ACEF3A3B38B717F7FCBB521B72EC3C354D56967DAF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:03.725{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CB8A503B209D1FBE656E91F3C1D1B35,SHA256=6E9EA91656C6C7F506B88FA8A9B7A4F6160AE0334C030852480327167A0B2A2C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:03.423{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=078D7067999F1BB71F5D559F7EF4F703,SHA256=15743F149B8923BB43535619F9490E707B7C8B8BF5908631BD84EFA05A18CEE3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:04.897{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03173083EBB322B313A5800599569AFA,SHA256=2D9AE200A583E457C580A72D6D9FF43A78AD559F4B41475D1C46C84922D39B3C,IMPHASH=00000000000000000000000000000000falsetrue
Field separators were stripped from the records below during export (all values ran together); they are restored here as " | ". Column order follows the Sysmon event schema, System fields first, then EventData:
EventID 23 (FileDelete): EventID | Version | Level | Task | Opcode | Keywords | EventRecordID | Channel | Computer | RuleName | UtcTime | ProcessGuid | ProcessId | User | Image | TargetFilename | Hashes | IsExecutable | Archived
EventID 3 (NetworkConnect): EventID | Version | Level | Task | Opcode | Keywords | EventRecordID | Channel | Computer | RuleName | UtcTime | ProcessGuid | ProcessId | Image | User | Protocol | Initiated | SourceIsIpv6 | SourceIp | SourceHostname | SourcePort | SourcePortName | DestinationIsIpv6 | DestinationIp | DestinationHostname | DestinationPort | DestinationPortName
EventID 10 (ProcessAccess): EventID | Version | Level | Task | Opcode | Keywords | EventRecordID | Channel | Computer | RuleName | UtcTime | SourceProcessGUID | SourceProcessId+SourceThreadId (run together in the export; boundary not recoverable) | SourceImage | TargetProcessGUID | TargetProcessId | TargetImage | GrantedAccess | CallTrace
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25559 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:04.423 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=7ECC725B8E8F1834F0484366BD446B25,SHA256=882BCF8E3783638B1F9DCCBDCD2AF5ACAE0676EC6957E8116CFD3A777985F63C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9550 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:05.897 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=017ECFC3855903DE1CD5313A85873020,SHA256=61682159DD8C8E0F73157682AA078BA428AD3FED09977B91C51F07FF74D2FD35,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25561 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:05.454 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=50B17EE9E955BC6C053401BFD1EF7685,SHA256=6F05633CC6C833F11786391F24F581EA89CFDCC95D7ACE121417A44FEC4E1EEC,IMPHASH=00000000000000000000000000000000 | false | true
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 25560 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:05.344 | {6EDEAD03-FC1D-615B-0D00-00000000FB01} | 9082492 | C:\Windows\system32\svchost.exe | {6EDEAD03-FC1D-615B-1100-00000000FB01} | 480 | C:\Windows\system32\svchost.exe | 0x1000 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9551 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:06.897 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=70CABB6858A774AE863D3B8C7C52C32B,SHA256=52BFE2856D7AFF1F9526651D888445A62827324A572BC5C9B613A459D2B764D1,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25563 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:06.469 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=2C526A0C50CACD840AB3D2CCFEC39AB1,SHA256=2228DAC9533C26FDDDDA69A633553605397D9FDE4CBB165492290A23913C8DC2,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25562 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:03.840 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50297 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25564 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:07.501 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=39876E6ED3C180AC94FF1BD70611FE11,SHA256=5918F716C5A8C3801187E7752A8A7A295A94102A8D806C9420BD699DF09DB305,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9553 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:07.913 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=5BB0B39DA08706A36571E5966D54B95F,SHA256=E62904BA9F32414B8B33F81EB9F8123CB7F381DBCF1E97AA0F814024FD9D6802,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9552 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:05.211 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50034 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9554 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:08.913 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=76831604BE52B734463A6ED537A6AA23,SHA256=8D6A349AD62713409CFDA15FF43139EFE8C484B6C3A5BBC5A5DF1F81E2B27236,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25565 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:08.719 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=51D914CE7003568C0412CB31FBF1DEB6,SHA256=B0133F10B412A691FE6DD4F329180CCE7FDB40062B67D2230C7BF15E41B0378D,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9555 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:09.913 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=7703CA8CB0F6B33AAE312579F54C1AA5,SHA256=340C5300B8C42A28B6FCC8B1BE1857E7EEBB28F092C96FD8B968D4E1266C4014,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25566 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:09.751 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=2FD866B486DE890E5134C6BAA5023637,SHA256=8E1A7D1BC85522EEE4E16ABDACE8187ECA356E342C7CD103A1DFA5E0383F3941,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25567 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:10.751 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=AB6FDDC82A9C3870A87D55784E37566D,SHA256=A18119002A2183204DEE47964323350F4DC3D2DCA2FAB2EB0F73076FBCAA79D8,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9556 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:10.913 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=ADFD16F728C4CE2FB049E0E7B32FE56A,SHA256=25B6745B1E7AA31566F1BFF37C1A3C8F4D3C8712F28751DB6FB29AEC9EE7196F,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25569 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:11.751 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=765FB14E9E7DFF9F010DB9068E1DD66B,SHA256=E2C938CB2AC20C5FF2993589B73F44FD3BF3A03486E62D9AEF277FA9A39AB0E4,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9557 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:11.928 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=54B784F549E6A3D9BB8B3C9E3F381DDE,SHA256=F9B91EFEC0FC97FABD71F546C4FF2BDA99C792B2A5392F15C9E96C7B905ADD3F,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25568 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:09.762 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50298 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9559 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:12.928 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=5264AD6CB1D3BA18E4E6A2AF186689AA,SHA256=B5B5D12ABCDA15A9DE9C94EA8AFB1B5B4604AA6452125B62618C331495930852,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25570 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:12.782 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=EF7F438035CC8910AF8EEAB4DA1B6962,SHA256=60A7CCC4D82E769630ABE1D79C2FC66908C7C2431273BC6DD3DE138AE1CA57A0,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9558 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:11.149 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50035 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9560 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:13.928 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=0E40C19BEBFD3F196A51CBF6C370C4E8,SHA256=AC8B23B58230C48D736F00D04E4C31A78D6497C3D9D4AC10040CF04FFEF7650A,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25571 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:13.798 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=7F88C138028F7093637FE9C807E6674B,SHA256=E13FFA1BF910B61303895F191D6E73D271B2BE92255E7A776A81B6923C5CC996,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25572 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:14.798 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=13857D2B6C0FC6CE8C27830CAFDF3596,SHA256=8D0148FE837DE6421E1D9AD47A95658E36C06653CE7B8DC89078BC92C366AB57,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9561 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:14.944 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=C3DE25AEA1033360249622DF86155551,SHA256=B5C40478703E66166291B225A3D4F4FE981AD0964936071C359DAC35E141E0A6,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25573 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:15.813 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=FA80E06584AD65798667428542CDDBE5,SHA256=661303342D6431DBAAF1BA63D84AE03C6424BE835A9BD4459F02D5B1CC6F0EBF,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9563 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:15.945 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=CE549150D0B1B28A5C5C377F2EB05922,SHA256=338D17FFDABBC427A98907F87D130B6F119D31E8699A3853BBBA160E691DC56D,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9562 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:15.933 | {49C67628-FDEC-615B-1F00-00000000FC01} | 1876 | NT AUTHORITY\SYSTEM | C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe | C:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-027 | MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9565 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:16.949 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=EB32F15888706537D73A62BC06E5B44C,SHA256=29ADA750BFBE2C5A0EC7A8EC6D173D1752B9DAEBFD8A24CFF29B3FE8B3959167,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25574 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:16.813 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=46783EC0E39FAC6BEF8B08E111E2BA8E,SHA256=6CDA96B749BD70BDD82602681296FC6686156A88536AE312743A7AF8CEF58A67,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9564 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:16.946 | {49C67628-FDEC-615B-1F00-00000000FC01} | 1876 | NT AUTHORITY\SYSTEM | C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe | C:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-028 | MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25578 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:17.829 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=A2376A634514B65B49838A37BB2952CB,SHA256=3819045F6B9F7C83DF5FD6C8DCF07ECE677CD71637AFDA1CA0605CD0E7A8E286,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25577 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:17.376 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security | MD5=2A80A6C264B14C7327DE83599A0AAE2D,SHA256=AD38EFE14A8D3976ABFD9062451A807F9DD4712F49F4B41264C9832E2C73494C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25576 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:17.376 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security | MD5=F33873E0A0DD0741E64E19AE8B04B573,SHA256=33C7319284634379DB541E9EC4671DBF33A9669D3F5392C623F05EE2E55C1847,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25575 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:15.746 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50299 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25581 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:18.829 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=75B45E9762DDCEEA53B142C95FBA5F31,SHA256=4155FD1F27EB9FB36F806CCA7AA210F1FEA380DB2E11C4568215D59628E9A746,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9566 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:18.102 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=F6403F5E158109F660A4FDD73C1835D9,SHA256=B1D4914673A6DAEB55B321921A4D2987A0F552B98068BD44E0E244CA7302BE63,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25580 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:15.981 | {6EDEAD03-FC1B-615B-0B00-00000000FB01} | 636 | C:\Windows\System32\lsass.exe | NT AUTHORITY\SYSTEM | tcp | false | true | 0:0:0:0:0:0:0:1 | win-dc-676.attackrange.local | 50300 | - | true | 0:0:0:0:0:0:0:1 | win-dc-676.attackrange.local | 389 | ldap
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25579 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:15.981 | {6EDEAD03-FC2A-615B-2900-00000000FB01} | 2912 | C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe | NT AUTHORITY\SYSTEM | tcp | true | true | 0:0:0:0:0:0:0:1 | win-dc-676.attackrange.local | 50300 | - | true | 0:0:0:0:0:0:0:1 | win-dc-676.attackrange.local | 389 | ldap
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25582 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:19.845 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=579B55F9AE31E7571085F1B76860A6DF,SHA256=FCEDF25C19B1517CFE97B3D8A9937AA168A5C15F94398D62C85AA4842A5B1651,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9568 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:19.258 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=CA5248B8A725332362DC1FA3BD92EEB9,SHA256=477BDD6EBEE89DFE6074F211CE1828017CE9F0FF92AB0465AAC2F5E346C38739,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9567 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:16.290 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50036 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25583 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:20.860 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=9DF8EF2D953087DC17D9D2D524E0FAA4,SHA256=F03F5A9AA5D7393F39075060ADC5A9E72A319A92546CFDDEE4BC1BFEC5C587EC,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9569 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:20.383 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=B7380D65808E1A0A6895D23D3B7DCE3E,SHA256=A7E4F7F67E86BC32C91C469B814BED92EEDA94CA2879A0705AB3B58CB603D401,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25584 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:21.860 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=ECAB1A9AF54C9CCB0E44BBC8B9913C19,SHA256=DC8EB18EEE2C1CCC620A121CA3A909AAB552674C427EFF266049C130C77E5093,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9570 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:21.539 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=7E56D11971380D1EEA5E19074462A1DA,SHA256=9F4F329EAD898585286B685196609EC980F56C3C92264D71622D75AF01AC8302,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25585 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:22.860 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=4D8592F809ED4C736042B0A98A3F674E,SHA256=0B6650C8BAD3F3B06D687C0C16C4902A7AA253B22D3B9A51C3B1B2E0E92764BE,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9571 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:22.774 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=B20C8689CF580776DDF4DDC959D2831E,SHA256=C7EEEF1656615DEFD999C5DFF3B1DD08D16D9C9A143F96CDDCA42D651DC7777E,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9572 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:23.805 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=B35E57B6C4F14E631FCAAF4D87403C8B,SHA256=29D4B2F7A61641E30B3E70F699EB5EC9D787D9988C4961067159A7BFD67CE081,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25587 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:23.876 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=71D4C14E8D5A7D9A0EE4770778849892,SHA256=96877F4FA7BCDFB73DD4957E8E846F73F94FB0211377E8C4AB60A3540CE55266,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25586 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:20.762 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50301 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9574 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:24.961 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=BBB8708E3B73A371583C5DF41E23CFB4,SHA256=943481668D2046EEF9008FFD8843D938572EE6B5F20191D9632BD437F8A9B208,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25588 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:24.876 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=C4A63FD8EB67372921929DE1146AE764,SHA256=7D282FC260137D050402E96612FF66F16EFB7D63CD7743157ADB577A829F3517,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9573 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:22.260 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50037 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9575 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:25.977 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=D38BC841F2C2EB7AE9D2931545FC9D27,SHA256=0C79DD0037285273E2650E11B1DFAAE9C2BF17195657585991421A8406BAF8ED,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25589 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:25.876 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=79885DADF7920BC866D9880912C2FA15,SHA256=06C222D820D1830745DE0630A0FDFA82D3C283711CFAD0590953CA879CC23957,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25590 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:26.892 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=FCA72C0E2BDF3FF712DC4018A4B14526,SHA256=000117604780ACC1E2DB6BF0A962E659DCF3C35F725A386FCAA9C01368138EFE,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9576 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:26.977 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=BA3B50E9401FD6DABAD02394F0E49333,SHA256=3BC536D375C277726AD3F9BB22DD78D7D7AA1C34599D933686B9CE6AF816BC66,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9577 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:27.977 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=DF37AAEEA6693A55F0B02F69213E1A11,SHA256=ED600748FE8DBE0EAF70C52E9413E6F6D1B3E8E63CB539BE818CCB23D3133E4B,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25591 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:27.892 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=71A3F2B577AEF4F522980D435A1BD09A,SHA256=D41779D27128061370E3E661A7F74ADC4EE33B22F8973A44E305FC2CBD4586ED,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9578 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:28.992 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=569C45A20EC79B33D5C24583E769E934,SHA256=9D948B422FFFBF3D93BA873139397D3EFC923DBD1F6576FB720083D9A6D93313,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25595 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:28.907 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=2095478DA1DA7D796AB5A2CDBDA11AE7,SHA256=A28C562FFFC0DC4F4A4984DA1541A18923F7C1A4D38BF5D0118121A43E256AAA,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25594 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:26.699 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50302 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25593 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:28.595 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\spl unk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security | MD5=F8BE4B056177A4E19C996B118C8D7370,SHA256=D83F7A9163B959053778D15F295D26CB8476CA09C58ABDCBED25E32AAD24F5B9,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25592 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:28.595 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security | MD5=2A80A6C264B14C7327DE83599A0AAE2D,SHA256=AD38EFE14A8D3976ABFD9062451A807F9DD4712F49F4B41264C9832E2C73494C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25596 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:29.938 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=991FACD9DA0231A44E3F090BB05026C4,SHA256=9832CF399F908A44676EF7C26509800F7E10F7F7052D978E55431B51CDD594B5,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25597 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:30.954 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=9647259075EE0A3A333956440A17F2A3,SHA256=BE08B8A4B60F6AA83EC1B924AF393782F987C9CFC04CE0BD6B3DD765708AF94E,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9580 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:28.182 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50038 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9579 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:30.133 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=F09D94133A8AAEAD19DCF0AF53B7743C,SHA256=3EC5578709ED8CE2D5308C679F7AE8251C77FA90ABBDAB46690933B38E293541,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9581 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:31.274 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=23A3870534E881F09F11F08A7BA6FF06,SHA256=43C524FCD081BD87186FDB92307E7333E959B2A670E17DE00702D358A34C1C2B,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9583 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:32.414 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=89E39B2AEE31548D6A9C7D53249C38BA,SHA256=B54D281C8A8F24652885977C55AAE8CA6C097273A8AB0CA8901A44AC458AA38F,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25598 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:32.032 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=02AA70B97B3D7AA599E02C05F2814710,SHA256=45008D442CB85FE278265AB1EDDE0D0E4A6EA392D05CA231787085BC9F8A23DC,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9582 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:32.242 | {49C67628-FDEB-615B-1100-00000000FC01} | 964 | NT AUTHORITY\LOCAL SERVICE | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat | MD5=E4F4F92153071D54B06DAC2357319578,SHA256=19D0CCE008157B6718753E187D21BEFA0CEE677607CE29B149EA564178D5BB77,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9584 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:54:33.555 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=9FB816ED4BE6B033D49E325B5DC65195,SHA256=B5C865BDA4EAE3D08EF2B5D94750DF68C2E198BBEAD1C3FE78132E76A30A7EBC,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25599 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:54:33.048 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=E313FACA9BCD7B01F36BC092287712E7,SHA256=88E0D7A127E5E1CDDC387D547D9ECA61CA7DE16762DC0842736D76BD3B694F61,IMPHASH=00000000000000000000000000000000 | false | true
23542300x80000000000000009585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:34.696{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E72C9435017AF2A85AAE231E2C9A743,SHA256=2E8D974A14E8DAAFB756A70DCC03224BD2CFA12F609BABC37C23E50D9715CFAA,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:32.699{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50303-false10.0.1.12-8000-
23542300x800000000000000025600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:34.282{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=693820CF880B7610A5B0E616F28130E1,SHA256=DEF493EBCCC6200A4F9150BD40344BAE1148252EA0EB9E689AD67F1A510D03E3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:35.899{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EB0189E6D0B8A5FF1395D2E283C3E8C,SHA256=FC7B67EC2CCF814A3B814F56FB748939B29F1AA4E4B891C0C0D7C9E41DD8D3EC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:35.282{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA93A6F90F1ADC2F70A7060D8CAF74DA,SHA256=42139ACCF80524E911BBCB2DC1637AEDE54E45239AC9D05606020A15499C8696,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:34.103{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50039-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:36.992{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FFCAA28F5C6C437E2F46294C62D8E24,SHA256=C94C380E55AFAA0610076A1C917FAF2FE72E57289E3B6027CD7F38C3D7DC31CB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:36.298{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=362D23510F745FB5F66055C7322B1E1A,SHA256=F2B1E60B3C94E448E342D77D6DC684FDAB6EC0CE1E15F50E14C6317A962FD0D0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:37.996{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B73FCA552D1152DB02DD08FEA7C6257,SHA256=7FA15311475C3BF294E611B02FA97FD2B804541B26E247EC0AF4F7FF01A84C68,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:37.610{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:42.599{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-04C2-615C-7F05-00000000FB01}4612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:42.599{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04C2-615C-7F05-00000000FB01}4612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:42.600{6EDEAD03-04C2-615C-7F05-00000000FB01}4612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.974{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D334B49A87E14A629A9BC23E4AB7C2CB,SHA256=4E01FED981D57A8F2D28D242A69D4BA19FB1021A6CA2FCD01F4C6341D37FBFB2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:43.997{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A1BFD91951D31E458FA11EBA964C9CE,SHA256=25058A8023F2B43B75458ED8FC3E82858AF3D2D75E8530E9934A94DB37BEE066,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04C3-615C-8105-00000000FB01}6716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-04C3-615C-8105-00000000FB01}6716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04C3-615C-8105-00000000FB01}6716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.896{6EDEAD03-04C3-615C-8105-00000000FB01}6716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000025691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.318{6EDEAD03-04C3-615C-8005-00000000FB01}32564384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04C3-615C-8005-00000000FB01}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-04C3-615C-8005-00000000FB01}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.130{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04C3-615C-8005-00000000FB01}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:43.132{6EDEAD03-04C3-615C-8005-00000000FB01}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:43.309{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.990{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=507CEC02BD327F7A50A6E54148AB9137,SHA256=C3A63A9D5A6E7B3D5C6A27949A098CDEEDEA9CF12ED7E81EE13B19D3ADC2EE7B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.755{6EDEAD03-04C4-615C-8205-00000000FB01}35123196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04C4-615C-8205-00000000FB01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-04C4-615C-8205-00000000FB01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04C4-615C-8205-00000000FB01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.568{6EDEAD03-04C4-615C-8205-00000000FB01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:44.271{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=20AB40E78CF99EE5BB3655A3C707FD28,SHA256=31AB18F5B8AA107877773F56704ED8128451D3008AD17E077E37E0EC0061C9D9,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:43.326{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50041-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
10341000x80000000000000009610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-04C4-615C-A201-00000000FC01}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-04C4-615C-A201-00000000FC01}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.559{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-04C4-615C-A201-00000000FC01}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:44.560{49C67628-04C4-615C-A201-00000000FC01}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:45.583{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB232B8C52F1EFFBA012A726F3E5EA12,SHA256=B30D010B55B1108593082D76AAC69EC9D6B22DADC62A472191D4B72BD931BF06,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-04C5-615C-A401-00000000FC01}2544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-04C5-615C-A401-00000000FC01}2544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.809{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-04C5-615C-A401-00000000FC01}2544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.810{49C67628-04C5-615C-A401-00000000FC01}2544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.590{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B1DEED2500FBDEDE288CD4F2373DCBD,SHA256=184F122EACD44F89344762BC394421E63B96033D894EE6DAE7676993A8AA504D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.590{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6B6FB3005AEEB347CAF90F3AAF0A68B,SHA256=124326F578FF4B2E4DBCB07A7794CEE879C883E5D49657AD6F2BCBC22E84350E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.325{49C67628-04C5-615C-A301-00000000FC01}36123416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-04C5-615C-A301-00000000FC01}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:45.184{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.262{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.262{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.262{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.262{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.262{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-04C8-615C-A601-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.262{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-04C8-615C-A601-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:48.263{49C67628-04C8-615C-A601-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x80000000000000009703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-04C9-615C-A801-00000000FC01}3216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-04C9-615C-A801-00000000FC01}3216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.590{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-04C9-615C-A801-00000000FC01}3216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.592{49C67628-04C9-615C-A801-00000000FC01}3216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.325{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5AF060428529B746D1167AAB53759CD,SHA256=B16CD25C5C0401F7B26262B8C5722126375931921BEE827030C6F3669D47E05F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:49.083{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE91E9CF211073ACE611FBAEF4540756,SHA256=BB2FB6655D622AF7A5E435B33ED0199E53CA087DFAB82CAA8C3831C6A196CD9C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.262{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8215229452B7F81AAA67BC9AA98120EE,SHA256=393874125342E5B0DBFB56372B5F4337FC87CEC06095510ECE275CE981B8A935,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:49.106{49C67628-04C8-615C-A701-00000000FC01}18442800C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000009705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:50.606{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3C616062394D61D12061A1A69EE346A,SHA256=6CBE4F7EAD02A28DE0935CA7B2330CA35F460C4424A7A441BEC17F73AC136E9E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:50.325{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2F5E8461965B3BAA4B29A516CF9A9B4,SHA256=F50E6F55F9C619B8B7B5C031ED73C185A1D357CB91C8813909AF11FBB40B54F0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:50.474{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=A49B4DCD9718FC44B4023162447D7801,SHA256=47D5F11708BBF7DFB7A83BCFFE294859128A383BF8919933D928D34F759602D7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:50.099{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9ABE51C9055580465B58BC4B99B73B0A,SHA256=94AC7C550CECB329F1F33EDDEA8A686541ABCAEE458E93F043CD5585204C5F81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:51.559{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89FC94CC27B57F668CE57AC5F5F542EC,SHA256=E66F966618C4FE9BFF90885D156CCB612BDC00986A8828961B5993708D4514F5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:51.724{6EDEAD03-FC1D-615B-0D00-00000000FB01}9082660C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000025721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:49.688{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50307-false10.0.1.12-8000-
23542300x800000000000000025720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:51.099{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25DD56C3238FA268C1B89599F191D851,SHA256=152B11E9BCAE87A36D1322C671BA6D2C1139007AD942A6443E446A29F62CF12B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:52.793{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40DEF812399E6177FA5350B40BD7E5AA,SHA256=0BE4D1D90D93FC28F3326D16F8830BE827E7EC6E3B7088AC707B1A35BD79E41E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:52.099{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF2F7E86625D7935A2CB3FA23786B679,SHA256=49DF08AB1463EC87E6B0DBFAC031A246A8117E5459A81051A34DD01D688E32CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:53.130{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=225B5C5D83994395373FD3C6CCDF7CCC,SHA256=429EC53CBD0F7DDA774B4FE59EDE8BFF126096F259B033637008FF70E6BD5EA7,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:51.186{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50043-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:54.287{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4D9783648FF1A66E94037D9F9891A46,SHA256=0D3644CB0628A4C03AA449409CC8FA6F75CD68D4E78A93C5926B5296CAAE522F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:54.028{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3BF3C1F63F81C40BAF62F04E7D79DF9,SHA256=C58B4420B80153D1749AE88D64618565C39DCB364BFE4C464F1C50CF0CF69433,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:55.302{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C957C341F31B77882C4F604FCAE52E17,SHA256=076B04FDFDC5E03198E5A7920BD2DD9FEAC5202BB681BBDFF6B8AEAE90578BA6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:55.043{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3495854E175D23DBCC6060CD57E492D5,SHA256=9A6EAE6B3DE033C81566E889917214A7016B94BDDE01123C0318C6F1C2C5623F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:56.318{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BF13622DDA92ACA85ABC02A8AB477CC,SHA256=6536B4085D511144CCB056CA481F955B89F61364D232D7BB7708CE14FFD6E228,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:56.075{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39268CE1A543DC80AE37041825985138,SHA256=230D52017C30E057D68E2371C33BEEEAE063D113AEC19618F3F2B80EC9D5B5D7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:57.075{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDF115B7EBDE874122D63E911E91F1D4,SHA256=4E7718D822F83F5AA90D9DA1015EDC458D6F2608ADDB92AB19A6E402290A9672,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:57.333{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79A7134430F083BF42C85102A76283C0,SHA256=9C41D670FAE4F59D9E81AFC0FCA38933DC1E1793095801E92AE48D8E073053C2,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:57.123{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50044-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:58.302{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9FC724807753D8FF4CD57AB49D48030,SHA256=88C9C6D1C6F8ED1CC583298ACC0F6C6C9DC64E40A2A9FC0C548D5F87641170ED,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:58.768{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-035MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:55.656{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50308-false10.0.1.12-8000-
23542300x800000000000000025729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:58.358{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0E7321813C45E18C0516E5AE7555D26,SHA256=001BD29F991302A5D98685357B1C75EA3450EF813AEB603CA47F039F491C9CF4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:54:59.536{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9B46EDBBA54541F21383D822EAE07A8,SHA256=9520A95D8F458E7E26624624A39CAF6AC1B8F416E7AA2E9850C7ADAE3F713D42,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:59.769{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-036MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:54:59.361{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3231784A3AFB038F97DBD63BE8655577,SHA256=30226823D03AB5C4EEF6BA613E35E4794D23ADC43CD91FA2B72AE8B33BB85440,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:00.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59B28D72F4CF753DE6CC147C852B25BA,SHA256=8329DA1808446FCFDECAABCFED7A42AEF3DF48B8135D335BDFF4B456C920DCC4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:00.362{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2BF479741D5E00A61976BE7FFD55CD9,SHA256=8E65334C8E8D19A01470689BF40062DBF2B8364509952FFC769123CEFFDEFC21,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:01.973{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E51560233504B8FD1030BC6584D00B6D,SHA256=0504D200096D4700A11EBEED459725F0A65E6F4F0151C4C55D3BF8806F7F2E5E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:01.409{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B68BAF92BFEFB95238D1548D642C046,SHA256=ED34CF3EAAB9D79E492181329DBC566C712ACA6F5A3853CE1D96F06792A8A86A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:02.989{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE0885A1405302FA0B0E82D97059C23,SHA256=821553314FA7B2056988A5737E5AF7DDE07070E5CD41B8F6B6D6EF12C21D2C12,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:02.425{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F068047A76398A93BA070E0E5E810BF9,SHA256=CC10344F0825AFAD6ECEFADA0BDA4BEA43E54737A5A15132567ECD4F285ED709,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:01.623{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50309-false10.0.1.12-8000-
23542300x800000000000000025737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:03.440{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=506C5FFEA9479E1F84FC25A4649F9A77,SHA256=BB1BB40FC8574B63A7AA104F1C0972ECE6F2A7D1BDA233FA0D2DE1CDCDDE6C62,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:04.440{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15C755B862C5271EB80B493D236F59F6,SHA256=232FDF7E8FFF58D5F319C1452F1ABE1C8C33F1877F7165ACC5AF18B3F30B0C6F,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:02.256{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50045-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:04.114{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB72222CCF368D6F6B0C4E9143BB2231,SHA256=1C65D2E81CB1B58148E0CFF232C051AF3929C6158874D310E3CBCAAB0EE648CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:05.471{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E394372470B6C55123A74ACD0A669B7B,SHA256=8DE2458546763382EAAA7B797927078356E1609F8799B5CCDA5293471367F7F3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:05.130{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58E50C760A4C455725AEC698A5E60DF4,SHA256=B036A32D8E5E0292D246168798A4E904B090BC2E4B7412FB6A1CD24922BAE1EE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:06.487{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=151437686951C28273349D7570119118,SHA256=2BA97A253389223456350EA98CB52EFB5EC9DCC4504F30F7466231DF4AE090B0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:06.130{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE6ABE9EB00F0FBBACD5213A8ABDC8A3,SHA256=98C39CF9D9DDE8E09B835B5818004108E55C10B6849F6E21B971D763E84178E5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:07.518{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D839CB37125A6CCC75336C44FEA2DD04,SHA256=29EAD1C5A955E51C196C3D8E74BD35CF2B7693E588609BC1E61639EAD2032907,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:07.130{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE6530F90E0C7526F3C1369C232345A6,SHA256=D9C6214FBFA9C4C6866260DEA71931B0C7282ECC588B57FF856F132AAD53EB93,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:06.826{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50310-false10.0.1.12-8000-
23542300x800000000000000025743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:08.518{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=324C2A5730CA84E749777CC164E16562,SHA256=27D4437F0B6F32DB2AD2934E258ED42A42EEB13DE0750E3394BD9E200B6DD64B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:08.130{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A0F41DF1A33EFB454D1EA680688FEE3,SHA256=BE65A499D9D010355BC411EFBBA7321AA79C86CB4953B357D52406E274F56F73,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:09.534{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39965DBA724F385D5B1B0C9220A465FA,SHA256=A685B737449871AFD9805A8C59814CB38EAE6B1F4669A6D7B6FA588CE0AC11A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:09.145{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D35842A88901C8730677FC62B81A8BB,SHA256=39BF712D7A9C334FC2D059FF5DE078A2E754DFC803523B0F9DE218A9815C44F1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:10.550{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B91795F7A0546A6F945D3C3E02D5EA7F,SHA256=E560FA2AF0EBF08942E38DE3371ADC26404087352DEE26894C6C46E43C4AE341,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:10.145{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A4B014FBD218B22C3772A92B3272981,SHA256=AA54E110C2AD86B53C50A79729D37D01D93A6C2B3D08B7F68D8AB19A3208E38D,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:08.084{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50046-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:11.565{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E73B2352EC95F57B8C62ED9FACF58E7B,SHA256=8D5F5557EE21E34FD75C505178E8F064B5C112EC0AE041FFA07B445179BB93CF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:11.208{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B153B36754689C09DDFC658B5D4F9C02,SHA256=BDA3706CC1FDA6CE81F209CC2E73E8DFDA23198E477AE4EE88450DFFCCFE0AAF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:12.581{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5351967866E7A14E62CBACED7A68401D,SHA256=F0293D129492C9BC8451CF14D5403A655916D78EA928E67E96C67B8F7B24B27A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:12.349{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB20C82B047895AEA89337203089E170,SHA256=96AE628161B9AF6EB6E00CAF4F69D2652ADC83B6A1B159B4E8897CED2B228487,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:13.628{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2F555E20F62D376464F555728F699A0,SHA256=652420A9CFEEC1661FF9371858EAB0164FE6A14004EB0C5BE46D9A8688B0DD76,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:13.567{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10D465645474AFF7C045EE5BA9F579B0,SHA256=6F50C76208A6477089D79AE20B08B2F993260DA7A08398ACC59D381FCAD1EAE2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:14.614{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C53B25A73AE2B882FBC46DD05ECF2CDE,SHA256=261E30CF4C00E7E0E1507B89362448FE5BD3B06636110EF036381BBED47DED6A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:12.763{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50311-false10.0.1.12-8000-
23542300x800000000000000025750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:14.643{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=448DD714B5AC89FA0EEE80EA75E113B2,SHA256=2B0FD30CBB6B0C999F62E40E4B21A6D99909B734E5B2C4F5BA2C3042A078399F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:15.786{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=130F4F6E4019FA40C790E9ED11BCE33D,SHA256=8C658DE22C0297A6E9582E3E50D479B5300BFE2433525A22A63814DE5815284B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:15.659{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0338C95993BE9180989EECB45F04C69,SHA256=44BF1F254E154C620D26669F2B38B2B5C95BB782A35CFA29EC1DF6AC295469FF,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:13.241{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50047-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:16.786{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B60240DD88C8F0247B6F233B250F2F2,SHA256=16931ADC7B3D433984813CD742ADCB9D87F5BDAEDCD683F0151C61329CD37625,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:16.706{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8633A1166A3A1EB31C5EA78329BD7041,SHA256=1D97BEDDDBBDDE3B8302E3BAB15F657ACBE60E79E5E558B25F79537D99E76F64,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:17.768{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0594A00899DCF2F435B8DE73B9C5252,SHA256=F043209620B50A8D3C5A9ACC136CCD23AB04FD1C7CA4043D5F513DE746CD58D5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:17.478{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-028MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:17.409{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8791FCB4CFCD026F9EC24EC7A2E59344,SHA256=BB381CE06FB2E2ED0F3734F48F2FA982C4A428C252F069003E7C5C11BF1248A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:17.409{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9805921CD933B895B2DD79CCEE7BF847,SHA256=019EAD43098F5E3762C3A998B578388E267E4D2F4B34C2F244BD964F7A940963,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:18.975{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24BF15CD95B71E2B1DC4179666086FD9,SHA256=3B9875F8E3D193B0078609EBD345209536998D141E01F75155409D72338314E9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:15.982{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50312-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000025757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:15.982{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50312-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
23542300x80000000000000009737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:18.483{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-029MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:18.013{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C38DBD70C3681D1A06D42D4958C376E6,SHA256=996A0D515457307CC5F05F930DEDD09FE6E57C790B0A166EF55EC02BC9D27F07,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:19.975{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EC775BAAE6AD7B49BBF462362DF1129,SHA256=387E2877DB20A11DF3D0396E2666AF128BAA211964871853EEB67E7108708B15,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:19.155{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7ABD0B791AEAEC6E833F11F6B0DD0B7C,SHA256=2A7F4C676CC3DE29290AFF3B9A142417E4C7E27638BB566B58BDF47683E36A81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:20.975{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCAB764A7292726051EEB3C2D0973E4D,SHA256=307880960FD518C1B46120601FBFFBF1BD44C49FD2B8100090FE95337F41EC8B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:20.170{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=379A06E92C4702CE6785E1C5562DF903,SHA256=02E67EE5C7E36E611245D8471BE7825E0D2A7BDE92F4CF5D69C1C70D019C8CC0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:21.975{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED8DCDEB39A57B11703EBBB6134E5382,SHA256=4B0A7B55A6D65A8745D3491CC72DBF48C7F3DA049A920349B2EA83F285680241,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:21.389{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=149EA6FEA1335353BB9AE0C9F1AAB9A4,SHA256=83DA49690BE1B1A2B8B53B4CA4F6ACA21A5A865C8409E59F9A69C261909903C7,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:40.249{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:40.249{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:40.249{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-04FC-615C-8305-00000000FB01}2144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:40.249{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04FC-615C-8305-00000000FB01}2144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:40.249{6EDEAD03-04FC-615C-8305-00000000FB01}2144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.499{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9742C45DBE1EAD3EA07B0F02D277E01E,SHA256=6C9FD2A12DB7B12C47E899AACAE5FEDBE23A4AFFDDB3B2F4CA62A8A9CE61190B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:41.224{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2BDCBB827184929FFA74A1646CF1141,SHA256=31128114BC5E8C9FDE60BB8929BE217D19C08DCFED6FB5FB6DD11B8512CC4149,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04FD-615C-8505-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-04FD-615C-8505-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.452{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04FD-615C-8505-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.453{6EDEAD03-04FD-615C-8505-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.311{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E7171D91EB805A487AE16EDA97428089,SHA256=18D725748570BF25606293453984D8ACEB1FB9A4A32B8BE68D3636B87EC487EA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.311{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8791FCB4CFCD026F9EC24EC7A2E59344,SHA256=BB381CE06FB2E2ED0F3734F48F2FA982C4A428C252F069003E7C5C11BF1248A2,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.749{6EDEAD03-04FE-615C-8605-00000000FB01}40121880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04FE-615C-8605-00000000FB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-04FE-615C-8605-00000000FB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.592{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04FE-615C-8605-00000000FB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.593{6EDEAD03-04FE-615C-8605-00000000FB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.499{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E7171D91EB805A487AE16EDA97428089,SHA256=18D725748570BF25606293453984D8ACEB1FB9A4A32B8BE68D3636B87EC487EA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:42.499{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF382AEF3A5D3709E02DEACCC54C52E9,SHA256=34C70DC93A62FCE71DA931BBB539C9F7A545D90BE60B398DD5B4A878A727FB22,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:42.224{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB35AB43B81F984A5DFC5D2F77581E45,SHA256=ABDEB4DAB01970032B20394B5FF6BA45D04733EB63B5CD4BF5242C2635E1551B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.983{6EDEAD03-04FF-615C-8805-00000000FB01}70924212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04FF-615C-8805-00000000FB01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-04FF-615C-8805-00000000FB01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.796{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04FF-615C-8805-00000000FB01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.797{6EDEAD03-04FF-615C-8805-00000000FB01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000025838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:41.774{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50318-false10.0.1.12-8000-
23542300x800000000000000025837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.624{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6EEF3622DB3B13152E887F11231B2D23,SHA256=A108F5D72F8F09E0F690D61E514EE124055D6FD3BB51CFAE72BE7FF3E8F6269D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.514{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BE791C40BCCEA1B746A2A49472D59A3,SHA256=1FF0DC9ABBD4E79635BF07D4EC6FFCA4472AA4776C892EB0C220B3B589946627,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:43.334{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:43.240{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DCE8B38B9EDAA3472B5404D904DF75D,SHA256=879BEE7D640C16D779377CD332576261874A8634CC54184FAAD0E666B5767995,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.421{6EDEAD03-04FF-615C-8705-00000000FB01}38565884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-04FF-615C-8705-00000000FB01}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-04FF-615C-8705-00000000FB01}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.264{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-04FF-615C-8705-00000000FB01}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:43.265{6EDEAD03-04FF-615C-8705-00000000FB01}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.811{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BD7ED669FF19EC5BD4624E5706C37330,SHA256=1D08D9FDE105BE195077513BA5A8B9662AA4A31D555084FF10B3A4E76246F226,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.546{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F458EB50F41F0BF133ADCAD262E46AE,SHA256=BCA91BA5335915F0A854B92D1A426C3A75E66AB345795D1503E07FFF6D83A840,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0500-615C-A901-00000000FC01}648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0500-615C-A901-00000000FC01}648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.521{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0500-615C-A901-00000000FC01}648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.522{49C67628-0500-615C-A901-00000000FC01}648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:44.240{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D3EDF3CDAE730BCF802F056BB6A6D68,SHA256=2012B46F94FBB5CE4E801C8D42C3466BBE1B5878A6E3567C4932ED1326F9D0EF,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0500-615C-8905-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0500-615C-8905-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.467{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0500-615C-8905-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:44.468{6EDEAD03-0500-615C-8905-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
154100x80000000000000009830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:46.835{49C67628-0502-615C-AC01-00000000FC01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:46.693{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=162C0C9DD11446C896CD0471CFF1E445,SHA256=8ADDD51753CC55E54BB218ED6214FCC3A72C353CB1AC4B2CCC840808F9137526,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:46.381{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A8638EF701BE437122275A53FC44EFE,SHA256=9720A0AE2B60B521580245D181EA898095FF5C791AE287D7CF84E55A54F8D722,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:46.655{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF6DF8EAF164AF7C81EB59FF0FF7DC7A,SHA256=763994C57916B045881FF6BF9880938B764F5F1109D9F36FD63E76E41D8CC9BB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:47.849{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9973E22699E14926207E68924320C0BA,SHA256=188301E84FD3A89E0E653A647E56E78902EEB2F259976F1817DEA2FCD59DCD13,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:47.615{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EAAC84563BF18B5AEFCEA96472A89E1,SHA256=B49485481B5A74094D9F9F5A1BA4DE9FAD5890963FD7C14ABF21C342C9140147,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:47.671{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=983DF8DC0B96FCF633AC2CCEB14B191E,SHA256=255F5BB1700872374FA585AC7FD78C22311B0CFC7166F21B993ABA483D74E8F5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:55:48.780{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4FCC90A2158EC30BD79EA067D37E9D1,SHA256=6675B29872A8FA145A9CC755F817980F3C86BC6497A19D9A4F9C0F8ECD94A840,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0504-615C-AE01-00000000FC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0504-615C-AE01-00000000FC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0504-615C-AE01-00000000FC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.959{49C67628-0504-615C-AE01-00000000FC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.724{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F960318B0D254CCC4A5C3CFA719473C0,SHA256=112F1021231BCE6856E9AF564566A1FD4425AFDE807399574CF02012D65E38D8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.490{49C67628-0504-615C-AD01-00000000FC01}27082768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0504-615C-AD01-00000000FC01}2708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0504-615C-AD01-00000000FC01}2708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:55:48.287{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0504-615C-AD01-00000000FC01}2708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
Field layout (Sysmon event schema; one record per line, fields separated by " | "; CallTrace frames keep their bare "|" separator):
  common prefix: EventID | Version | Level | Task | Opcode | Keywords | RecordNumber | Channel | Computer | RuleName
  EventID 1  ProcessCreate:  UtcTime | ProcessGuid | ProcessId | Image | FileVersion | Description | Product | Company | OriginalFileName | CommandLine | CurrentDirectory | User | LogonGuid | LogonId | TerminalSessionId | IntegrityLevel | Hashes | ParentProcessGuid | ParentProcessId | ParentImage | ParentCommandLine
  EventID 3  NetworkConnect: UtcTime | ProcessGuid | ProcessId | Image | User | Protocol | Initiated | SourceIsIpv6 | SourceIp | SourceHostname | SourcePort | SourcePortName | DestinationIsIpv6 | DestinationIp | DestinationHostname | DestinationPort | DestinationPortName
  EventID 10 ProcessAccess:  UtcTime | SourceProcessGUID | SourceProcessId | SourceThreadId | SourceImage | TargetProcessGUID | TargetProcessId | TargetImage | GrantedAccess | CallTrace
  EventID 13 RegistryEvent:  EventType | UtcTime | ProcessGuid | ProcessId | Image | TargetObject | Details
  EventID 23 FileDelete:     UtcTime | ProcessGuid | ProcessId | User | Image | TargetFilename | Hashes | IsExecutable | Archived

1 | 5 | 4 | 1 | 0 | 0x8000000000000000 | 9846 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:48.287 | {49C67628-0504-615C-AD01-00000000FC01} | 2708 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe | - | - | - | - | - | "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 | C:\Windows\system32\ | NT AUTHORITY\SYSTEM | {49C67628-FDEB-615B-E703-000000000000} | 0x3e7 | 0 | System | MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C | {49C67628-FE68-615B-9F00-00000000FC01} | 1772 | C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25863 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:46.774 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50319 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25862 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:49.796 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=50FC0C9398032069B4905B8B27734A0E,SHA256=81DF068755222FB87D65355F3D8FE4736DB319F1F24FAF6C3C8C313331464983,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9889 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.943 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=2EE8967AC8C7A8F9885CBB64BAE8D7DB,SHA256=D4D15CC8B1E642CD59C1FD75AF6AE317CE97448828AEEDD886C1C24AA1CE1B81,IMPHASH=00000000000000000000000000000000 | false | true
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9888 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FE68-615B-A300-00000000FC01} | 3356 | 3576 | C:\Windows\system32\conhost.exe | {49C67628-0505-615C-AF01-00000000FC01} | 2296 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe | 0x1fffff | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9887 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9886 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9885 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9884 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9883 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9882 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9881 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9880 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9879 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0C00-00000000FC01} | 728 | 864 | C:\Windows\system32\svchost.exe | {49C67628-FDEC-615B-2200-00000000FC01} | 1956 | C:\Windows\sysmon64.exe | 0x1400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9878 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FDEB-615B-0500-00000000FC01} | 416 | 1032 | C:\Windows\system32\csrss.exe | {49C67628-0505-615C-AF01-00000000FC01} | 2296 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe | 0x1fffff | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9877 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-FE68-615B-9F00-00000000FC01} | 1772 | 588 | C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | {49C67628-0505-615C-AF01-00000000FC01} | 2296 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe | 0x1fffff | C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
1 | 5 | 4 | 1 | 0 | 0x8000000000000000 | 9876 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.631 | {49C67628-0505-615C-AF01-00000000FC01} | 2296 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe | 8.0.2 | Windows Print Monitor | splunk Application | Splunk Inc. | splunk-winprintmon.exe | "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" | C:\Windows\system32\ | NT AUTHORITY\SYSTEM | {49C67628-FDEB-615B-E703-000000000000} | 0x3e7 | 0 | System | MD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748 | {49C67628-FE68-615B-9F00-00000000FC01} | 1772 | C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9875 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.302 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security | MD5=DCCF78172BDC8E183277FBB376F3348B,SHA256=D29666E6B1B04732B87E124E6262A9C4851C9A4BD2862B27680185C910A7CC98,IMPHASH=00000000000000000000000000000000 | false | true
10 | 3 | 4 | 10 | 0 | 0x8000000000000000 | 9874 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.146 | {49C67628-0504-615C-AE01-00000000FC01} | 2408 | 2412 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe | {49C67628-FE68-615B-9F00-00000000FC01} | 1772 | C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | 0x101400 | C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9891 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:50.959 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=F796DDB36A04EB1079E60066437578F8,SHA256=717B1C354C4C3FE588E0BA4CDED145A6028D2746BACECC0CAF3C7961F7BD1485,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25865 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:50.811 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=5EA13FAE0B08E82C9E453B1E234F7069,SHA256=7B06D6FD9E6C88D2711A99BA58AE4CE51C95B02A97EEC6B33D0E8A7798F2E85D,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25864 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:50.483 | {6EDEAD03-FC1D-615B-1200-00000000FB01} | 616 | NT AUTHORITY\LOCAL SERVICE | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat | MD5=65CF57E9D0F3583EC0F26553BA6495C0,SHA256=3BF2127D050766266F93FBAA1E5B57388211AFB373C8516218CC855CDC4A751A,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9890 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:50.693 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security | MD5=92DD589DE3CF01834365CB82F5ACA39B,SHA256=14CCCC51D4DE7E6180B3A55391C1554E2814350AB18890B9AE6314AC10F0BDF8,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25866 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:51.843 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=955781ADA8E3ABA3BB1B333A8A70C715,SHA256=BD63F636552A5D7B82E9C784FC1DCB38A113A6FED65D0B86E8EC574439D4F00F,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9892 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:49.133 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50054 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25867 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:52.858 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=D1E5DA0BF1011BD9384FB281D01DC30C,SHA256=A3FFD76C4F2250127EEDA888AA21F4DC245DC69FFC3FA3760C8FAA0AB88A7134,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9893 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:52.099 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=061F43F720A8AD5047F736783E6FF58D,SHA256=F1BD171457CFF7842BA16F86C306B8FD582EF9C9064AA98642DF50A5EFBF3D5C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25868 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:53.889 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=F52993B332C45ACB476B7242966BCA38,SHA256=26CB604C7C205320812C946E8874990CD2EBF7E6E4766BE5F4EE9E4D7259F58A,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9894 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:53.224 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=609EF7743E38243886AD8BDB26F3EDA8,SHA256=77B2514C630672D0CD654C5DCF77157E9279CA610081F5563D8A3C0D2F9F6173,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25870 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:54.905 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=0620CFA10CC317C39A3C3DED75708ECB,SHA256=CB75D6910FA34FA523F6793A136F403B135CC8D65F3104FE78E76D5BAEE6FB32,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9895 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:54.302 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=13ED81AC3FCEB43160E25031C2E4A0D3,SHA256=3C14B0D24FE3EC7967425709FBB2F6EFAD2C238B1860695387D1E85F549C9E9B,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25869 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:51.837 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50320 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25871 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:55.905 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=6FBE17E2325A912BC6E3E7B50A3C0B84,SHA256=FE271E475257B58D2D88914AECEBD800A201429AF31E29C8626C7CE3D996BB21,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9896 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:55.302 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=E8491E0803040281269A01F314B84972,SHA256=AEF73C9464238D7D65CAA9B7EDFE13EFB577DED95DAEDB7440667C22944D28DD,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25872 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:56.905 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=1794BBF1525B34ACCFD2C2F936F417E4,SHA256=39A16E0F9757D26D15E22A945FE1AAC62C115C720B3DE349E0DCE72665F612DE,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9897 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:56.521 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=5C981A756F659200C1C4097DDDE7B00E,SHA256=CB211555566CF8B4D208C1E1B6274310F8DA93AFD383DD85F4C1BE8412267DDB,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25874 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:57.921 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=E6B690B25B66112B28EE9EC354793B3C,SHA256=987B4188DC4CEB9FE868BE3328C23914E6C91AC1FDF63BF1BB652EEB5B3AD98C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9899 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:57.756 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=7E279E0C84761D523784A04CE94D3FDE,SHA256=442A262FB25A941BA9E3316DF32885194AF632421F645DD9502A8CF7EAD5DFE9,IMPHASH=00000000000000000000000000000000 | false | true
13 | 2 | 4 | 13 | 0 | 0x8000000000000000 | 25873 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | SetValue | 2021-10-05 07:55:57.749 | {6EDEAD03-FC1D-615B-1100-00000000FB01} | 480 | C:\Windows\system32\svchost.exe | HKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime | QWORD (0x01d7b9be-0x6e6100ed)
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9898 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:55.101 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50055 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9900 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:55:58.920 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=17ECD41BACF4B3E9E31BC1B1E3E793E5,SHA256=2095A239144F234E96D1D9BEF3A9FED18EF51B52728508F5B4994F3DB07FE594,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25875 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:58.944 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=EB3100A60F8B62E6A82129AFA2C7DEE1,SHA256=CB87908429A5DA8F24C277621F074F64A36D878C585D0EF496A5FBED4DE85C10,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25876 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:59.961 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=6441E2B99BF055AFBA9BA8D7961842FD,SHA256=896EA8831A8F97D9668C9E605E76E8AEF6F3FE05349E9B5D875BD1229414F3E0,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25879 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:00.962 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=0242BC9D30EFE6023EF6148683FD373D,SHA256=B641A518581A24845C07662359D0842B67ECC9E7ED0698D3BBD033FB67FECA9A,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9901 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:00.061 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=F66D8E7C74E85C8917394259D23B5A76,SHA256=611780F602EDAF09C980AFD58929F9194441FE239EABBB1F35A13964477BC23F,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25878 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:00.291 | {6EDEAD03-FC2A-615B-3000-00000000FB01} | 2280 | NT AUTHORITY\SYSTEM | C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe | C:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-036 | MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25877 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:55:57.720 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50321 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25881 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:01.978 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=450AAD25882AAF9D5D7EE500C7999776,SHA256=633D88167453E5DAD30DDAC82EAE5D182C79F48DDB43B48B00E34A4E58DA8D2F,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9902 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:01.201 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=763240E8AF28E5E57B041303AE2BC05D,SHA256=B22D144E6A363CB95DDBAAAA222F7AC723148CA26354F733C2FABC3DD12EB043,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25880 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:01.306 | {6EDEAD03-FC2A-615B-3000-00000000FB01} | 2280 | NT AUTHORITY\SYSTEM | C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe | C:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-037 | MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25882 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:02.994 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=896F0B7BB18A98B6E7E9A8CFB9E72D1C,SHA256=322F48CBABEC2FDE427F607DB11A9BABDCCF45369573F19DC0D2E453747558CE,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9904 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:00.265 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50056 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9903 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:02.342 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=BD3FE31C9F249E4065A3DC8D4F23CC49,SHA256=8A88235E47F566D477E823257D0FBE92FA02B1027EAF8D46C9C884A92F6C145C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9905 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:03.342 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=2F951C7C01AD96B0B94904D56CECC1D2,SHA256=8E211ED0D67B6808BE047EC0DD12EBF102A121C76788B48BA40DACC99F98ACFD,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9906 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:04.342 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=FBF434F0C183CD4640099ADDF9270716,SHA256=3AA9F04395A46A4B22819C534969B6EAF49B79ABEC7BE9700D186C60D90A217D,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25883 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:04.041 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=F44588ECAB60A3AEDF3B4F3C25A025F0,SHA256=D8E5B62E39F779BBDB6378959A2946B785376431B568422B3BE682BDBABCB3D6,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9907 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:05.342 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=069E94C41701DE04915065E248410B40,SHA256=7483E9977E674C4CE64F362B39BFB150CF5282F6789B5D1C40117C6BAFD05996,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 25885 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:02.863 | {6EDEAD03-FCC6-615B-DD00-00000000FB01} | 2220 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.14 | win-dc-676.attackrange.local | 50322 | - | false | 10.0.1.12 | - | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25884 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:05.056 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=A43A505DF645CCB2B798C7587D2202C3,SHA256=4EB3454BE25E65605766E403F7B72837874A0151068B452C409D4A8B3ECC0C35,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9908 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:06.342 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=3E107A93A0A73565FDD35BAF62A60156,SHA256=8BFEFDFB5E3D74BB2C07784967D66CE0F644BCB717A3B7841561E5F333FC42F5,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25886 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:06.072 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=01D61034954599BE3C33383B1EA7C271,SHA256=5026A18D9AA02F194445D1DCBB349E5D3AA85690F883DEA827FB836E7FFB11D5,IMPHASH=00000000000000000000000000000000 | false | true
3 | 5 | 4 | 3 | 0 | 0x8000000000000000 | 9910 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:06.125 | {49C67628-FE6F-615B-D100-00000000FC01} | 976 | C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | NT AUTHORITY\SYSTEM | tcp | true | false | 10.0.1.15 | win-host-340.eu-central-1.compute.internal | 50057 | - | false | 10.0.1.12 | ip-10-0-1-12.eu-central-1.compute.internal | 8000 | -
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9909 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:07.357 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=FDA30519DFEF499378E04DC6C3FC30E3,SHA256=4AFCA92042F7FF1C9FE70533974043670F6F00DEB788BACF635E2A8B3DC84268,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 25887 | Microsoft-Windows-Sysmon/Operational | win-dc-676.attackrange.local | - | 2021-10-05 07:56:07.088 | {6EDEAD03-FCCC-615B-E600-00000000FB01} | 4048 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=C3EFE7B5885127BC1BAD0B87AEF00CC0,SHA256=29EF76E1AD5FAEE4FDCAE0D5424FD75030E8A0526526C209733A4EDB1145668C,IMPHASH=00000000000000000000000000000000 | false | true
23 | 5 | 4 | 23 | 0 | 0x8000000000000000 | 9911 | Microsoft-Windows-Sysmon/Operational | win-host-340 | - | 2021-10-05 07:56:08.358 | {49C67628-FE75-615B-DA00-00000000FC01} | 2020 | NT AUTHORITY\SYSTEM | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5=515672014220B179D0B94C8CA2494415,SHA256=07E09978BE2C29D609BBDA092761F9AB7DB7E9A0C8F3FAABDC5CBBE201F8030F,IMPHASH=00000000000000000000000000000000 | false | true
23542300x800000000000000025888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:08.103{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F5846A2165A0E1CF854226424F447A8,SHA256=B8147F8B5923D75CC2864775F6C4A0BBE234AE655D29B35DF301612ACFAB45C0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:09.373{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEEF97DDD9F80AE0DE0B8F8A512D8F75,SHA256=73052E2805E81B5E405303A0B78F20997AD4408521A0A41786C276C243CB1B73,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:09.119{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42DCBF4021EB4178BA2C166F4FBA7725,SHA256=1512463958E1643A59F6C2B250030180B57D210C9A782188A81E71FED6B25ECE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:10.373{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D88875DDF6E447DC234B5FBBAA493B37,SHA256=F13995180DCC064583CE3C69FF3A6CBC76422431B3D0F388661D7BE5F58B4C23,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:08.800{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50323-false10.0.1.12-8000-
23542300x800000000000000025890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:10.119{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E95353CAD2727262CE80EECAB58F02C4,SHA256=0CAFC2BE04D30F855D0F1AAD6AA33853EC6F042BCBA06D49CB9F73E61996E26C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:11.373{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=947441A8C7652A21E982B69DB55F62D1,SHA256=DA1945F55D0EFCB0971F76415BD4A04472CF366DE0780A16982330A740396A81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:11.135{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B1282089E00B8D02DF98B3B8DA375DD,SHA256=C7479542F455AF67BB1C6E6DE65CDDD2A6A77FDC9E2154300CF30C706D399534,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:12.373{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E69BF2567F518B001CA071B319310B2F,SHA256=44A000B07428BA3A3E38B353B9C6F9F3912C94EB35553E8BCB447B344435980B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:12.166{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBF8D479E73EDACE3171284C4795E622,SHA256=2BB0A6A74E1F4CEEE1721F42B2D40C693C07BE211CF2F864D8554C7AD7616093,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:12.156{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50058-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:13.373{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B61685C2545A27ABD067BBE097ED276,SHA256=070E0ADF378618AB2A183C0D88F2B1C51D0D40CE8AA49FA6D05A8A6F1B815789,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:13.181{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51A96C86B7EF996A38CFD6AC7F5C39C7,SHA256=0753539F92D08AAD98EE5502EFBF045EA30E2290E2922CDF9B332E6A2924B52F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:14.373{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FDF482510B59B30A74E173340638CBA,SHA256=3DFA4A6ED1C9E048C70531F7178B7A88179ABC7835E4D8C45868770E358470F2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:14.197{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4F87775A327D3EAA144804918140D85,SHA256=6D7D68E14CDC7974C3600F1D0F6FCF7A2935A1666B734607AED5A2E7C722B9DB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:15.389{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF51D824AABC694D0F285718C2C6381B,SHA256=2D3756F55F40070C83FD173B8645B3769A42D2E4669FEA3192AB7ED91A1370B0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:13.832{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50324-false10.0.1.12-8000-
23542300x800000000000000025896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:15.197{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2801D7060FEBA8580F74116A9A423A93,SHA256=F5FA3BCB35F2695869A83F27833274B248754DE12EAEC8311C304B4D1045F868,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:16.389{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CE40D0E24BD9D94BB6A9FE10D6ACF4F,SHA256=4A7CDD03DDCDDA7E72FADC291B5202D7646A34A53B2712EE3EF86E98AE8DFAAD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:16.228{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F8F4F9E019CC1D373E4F43A81DD5B7F,SHA256=2AF3AE36166318E0D7D1B3EFDFD517761ED497F60FB55D1CBB3597D1442A0D26,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:17.623{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=353981B0BD721D40308050CFA563BAFF,SHA256=032057F5A41882D01F42B467ADBDE3702DCFADC89B91516840B3BE1E322F08CA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:17.385{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7FE0D36D961B17B88619CD09E8A390F,SHA256=2672302B4688014D7C47C3604E3311F0A54B20C22CDB039A51757EF7E403581A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:17.385{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FD36D693FD3F1F4A6EC738AAC91FDD34,SHA256=2030CD42468BC11BF0F90889A63FDAB7ED227817B409AFDCF39684E7491A3B12,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:17.260{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0C3D6F72A6F651E1EF0C9CF46733DB1,SHA256=10971E486ED2148E008DF01FCF0EAD4EC33F9325732F19E1ACA076A0BDA3052F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:18.850{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13B78B1D4338D83A75ECF52CEA8C3063,SHA256=4FC3B401FDB5B210AB440FC80C17D23B4ECC2DE40043B55F4AE5EFB94574014F,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:15.988{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50325-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000025903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:15.988{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50325-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
23542300x800000000000000025902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:18.265{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63286B1CB0BE6F1CAEFCE988632AF94C,SHA256=E081864BA8FFE194B71C85A3160CBEC7173294A0D3913834DB620C3316CB084F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:19.943{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B3D5C53512BA1DB8A685DFDC5962390,SHA256=E7D8327FFA3DA7D489E5B78C583B3996BFDAB9211FD49A6B93BA67CFC45D34F8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:19.328{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25CAA6F4C189872082344ADFB8EE498D,SHA256=38CF96CD6FDF1B9288D71A23607690A9DD0478F8FB368844528A6A3DF6AB7A6E,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:18.086{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50059-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000009923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:19.009{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-029MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:20.992{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A00117D126D73E0361C6E1095434E50C,SHA256=33824FA321042065531AC7C00D809AC7C7877578F3E8F19433CA14C65688910D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:20.328{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE5F2C27A51605847B7CF974E903A7DA,SHA256=F085CD6C67F8E9D005B08C4FB51DC53F1D60D048A2B9DC75823FC2F17D5953BD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:20.023{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-030MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:19.681{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50326-false10.0.1.12-8000-
23542300x800000000000000025907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:21.328{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FBD6341395C552CA91C328819BB26B9,SHA256=5B241B3853C21A43585608F8F4FAD8CE9431FC3D0080D050C00293A9C0139771,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:22.437{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=945890AE82A7B992364A5146A4615EC9,SHA256=0C8486672BF9DB3AED8DD8717323F04146DE35CD716573EB4D23332EBEB8E084,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:22.211{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97F09369D36B1A38BD17B42C7C5246B2,SHA256=392D3A6700E80EC238C381986EB2C510A2E7E17AB09AEF2B6A93DB9F624388F1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:23.468{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC18505B32C10627D064EDE7F39C483,SHA256=BCA615C55789F75C973BDD8D1B0FBACBA3A301C37177E24129D09334D66A91C1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:23.445{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACF6DFB0B72455840538463D0049079F,SHA256=DB28A0D2837E8D3E51E2892C4D31C378ACA721E49F558330FA581F54B6A31AB6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:24.500{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFA4A91031EA8A6BADB0D93D9A0C8A7F,SHA256=F91BC1709F5BF1D9BACA9F7C9A72B885FD84073F3442F4B03131A1069A9F8CB0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:24.445{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBFBD5D8D8CF9C3B1CA366021F2F7B46,SHA256=F227D65E64BA9C67DE10C08DB97D446DBD413BA5E0152AE06D469D631243B1E9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:25.718{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1D80D7BDFF14F20B8A8D56A2D8FB9C9,SHA256=B34ED3EBF6E7A3695E3A81839A0A71F7B0019EBA5A9B0B94E620136C348656F2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:25.445{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=100EA579E5B6277EE4A1BAC1EC6FB718,SHA256=F56D479CA8104F6EB95973CF11AE16B59ABF12444D584489F49CAA8FBCA61B35,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:23.087{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50060-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:26.718{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8063C7FD857989E69D8390915E60E1E,SHA256=C0C729C1DAF49E38292A45D55D0603C7D218AFD59B3E40B6A8AA378F6CF036A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:26.461{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2D98E6F69347809B0131D6597BD9887,SHA256=433EB1F23F6DF3A7DFAE38527B3BAA1D325CB79462258955146042A73E66071C,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000025915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:56:27.875{6EDEAD03-FC1D-615B-1100-00000000FB01}480C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b9be-0x8055d279)
23542300x800000000000000025914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:27.765{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F24E729BB5AF2B37038BA3C24794F27,SHA256=E010A7FE93EFF7F3B27D8B7AF93A83E2BD5209598FFCEE117ADFB2FB55F8BA7F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:27.461{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8EE84663F8064FACF107546272BDF16,SHA256=0C3EDD5F095A9C36F5E3CBF8C8ABBBB1B14163AD80B5F8B5895DB28DFD9F902C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:28.890{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32387E616EF74B2B88099034B4600B6A,SHA256=AAAA0AB818F9163AF443F11E0FDC27AE6FAB89782B5ED016DFE214FD5DD16AC8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:28.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05621C8695B5DEBEC1416AC4916B55AA,SHA256=D9C0540C9C89236A9295B2AD26EEE2A4CA5EDC1AB0F648DA5D11241888113AA9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:25.665{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50327-false10.0.1.12-8000-
23542300x800000000000000025918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:29.890{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CAF45CD50E7F4271D5CFB65A62CDD34,SHA256=FBCA92C1389192BC2C81105D09CE8498002BA9DA82654C0BA7B2B70776A821DD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:29.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74AEC5A40AEC1ECDC6D7495BDAE28501,SHA256=AA26F9FE1355847E5059702755AC69DF39A7BF823A597A98703305D22F5B546B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:30.906{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C3798F2DDC4C36E70BAA4AE33ED9B96,SHA256=82016050A22D0A8509F96A47D4BE791DA0CBC106B0AE9CAC63F9DA66D38CE771,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:30.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51231DA8A2FE041B238118A78F847B40,SHA256=5A037CA47CC787A38B5CD67F27D08AA548D60ABFA537BA931BB0A4DCA019C3AA,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:28.103{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50061-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:31.906{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=583D5C2206F2755DEE6214AB5579A708,SHA256=B7A2D2CFE11DF0740EC9A4E11668EF787395CF20DEDC2F26A86285CBD30C056F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:31.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4029456004B9D84EAC0C6E6E41102097,SHA256=8F5720CCA5D619086BD26278221360BA8CC1F0422F9B5B4E528A4776AA2435E8,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:27.461{6EDEAD03-FC1D-615B-1100-00000000FB01}480C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-676.attackrange.local123ntpfalse20.101.57.9-123ntp
354300x800000000000000025923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:30.665{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50328-false10.0.1.12-8000-
23542300x800000000000000025922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:32.922{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6639A04D876F422B1ABB857DC25A903E,SHA256=66DE97AB5B1467850D59A8F7C1190FE9E764ECBA3DDF06E4C85A4FFADE0A36D7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:32.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=359151D0606EE261A966CAAFDACA53EB,SHA256=D65B16B5E2DC20CCB9571D9482342C7C005AD0435C1EB6DACF3851BF4D9F71C5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:32.273{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5F82CE37F0F05CF7EAEF6D662C2E179F,SHA256=2C0F7AC0E2FB4DE98DF4DB4E134178FD5E4AAC427A107CA1A34849CFD505C577,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:33.922{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB3E296139275020439C88D353F6FB92,SHA256=B3C0AEE13CB3EBBEBD2660158288507AEB3D3C181E6E30ABF40213DB27545442,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:33.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E255B4946C8FEC09BC3E81E41C6B309C,SHA256=85059BBF0E8C1A3EB23361F3F5F63C4A0731B1CF5CC1996DEE2C7AFAED65BAF6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:34.937{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93118846220C73637DA0F898D7A66E66,SHA256=87537FD22551E481B5C505C24C95272F7BDEB31490E6787D75606AD6C9A729CA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:34.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98598FC668AACCB34E00293FC0D89270,SHA256=39EE46806A094D37D95EDF2E0D608F5F042A96B5AE788BFDC31450EA17152892,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:35.953{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=011FB837460463586D19BA1FB49AC3C8,SHA256=E10A4D19C25201E228E0EA5740260FF1C1FF94AE5BCF9314CCE4D133A853925D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:35.492{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AD237C551C498C10C2F7F256086863E,SHA256=82627EF453F6C49A99A32A557EC72667BE8CC91E516B7B22BF952396E05C6A10,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:33.197{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50062-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:36.953{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36FED666FE708317761FDD0E0F4B73AB,SHA256=555D1B837FFAE52352D6E96BFB6B3C4573757665E2C42AA31B09F5552C93B56F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:36.492{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E503B7B53B35B38BFC943BF4CAF9F74C,SHA256=042B5D9EB344BCE8FA75551F725043D7F3024EB53C63C00820CB752D7069A055,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:37.973{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25D79CC7E7AAC1048D43910D3B20202C,SHA256=8A19285ABDF1805DC04997ED1B318EDB0260D5B91864BC024F79A6C853BE21DE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:37.507{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A96178007628A771DEEDAB1BFB46EC6,SHA256=D8C4E83355763B1BC0A940845CC0CF40E2BB3415BDD37E4E938D2605F0B50C23,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:38.652{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E22FC77BA104F5FC390C51DFE3ACBB4,SHA256=92751F7F11E6FA1D5DD39BDFCB6255CE6B93C0FF7AACF570B299A2612F93F3B1,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:35.837{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50329-false10.0.1.12-8000-
23542300x80000000000000009949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:39.824{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89FAB2EE6B4EA00B740527FA0B55FDA5,SHA256=F300B5A888F95904EA08865F04585EC0B3B9063833528D4CFFB8B11E989211C0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:39.020{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:39.004{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D648852948C39F3B3AB2E7EC6756CFD,SHA256=6CDF0D1536919689D1E40209E1F62469BA3DDA7F8E4552D6887ACCC379C80FF5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:40.996{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A664BD44ADF7AB8E9F99BF23686BF448,SHA256=F790CC9A4F79737FCBFDBD13186820B132D229C78300E8C5D0B6790BFEFB805C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0538-615C-8B05-00000000FB01}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0538-615C-8B05-00000000FB01}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.942{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0538-615C-8B05-00000000FB01}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.943{6EDEAD03-0538-615C-8B05-00000000FB01}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000025941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0538-615C-8A05-00000000FB01}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0538-615C-8A05-00000000FB01}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.270{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0538-615C-8A05-00000000FB01}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.271{6EDEAD03-0538-615C-8A05-00000000FB01}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000025933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:38.607{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50330-false10.0.1.12-8089-
23542300x800000000000000025932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:40.083{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=655E93B7411FBDB745461AD2B30C4580,SHA256=603F95ED4F6B5DF7C1DC5C7A926C630F819F7E281DA26BA41539355309D11D97,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:39.200{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50063-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000025961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:41.598{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0539-615C-8C05-00000000FB01}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:41.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:41.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:41.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:41.598{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:41.598{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0539-615C-8C05-00000000FB01}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-053C-615C-B001-00000000FC01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.480{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-053C-615C-B001-00000000FC01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.481{49C67628-053C-615C-B001-00000000FC01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:44.386{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8AC912893D8E725E7C350ECC883A311,SHA256=D7FC961A34669A86C1678F99969873323121FC4EBDAC723CA9B22267F8726920,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:44.270{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2808F78EB3D2F35D48E6E3BD5A70302F,SHA256=145E23E06700DB92EC39E6151AA8A8D95BC15C007240284AF02B09A91DD5F07A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:44.067{6EDEAD03-053B-615C-8F05-00000000FB01}50322272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:45.598{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0DEB5328D46638BC674271ACB082F93,SHA256=C75777251E2FF298DFE32B40E3A9021361F69D6A24B30CC3AAE86ADBF4BBA117,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000009999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-053D-615C-B201-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-053D-615C-B201-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000009988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-053D-615C-B201-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000009987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.824{49C67628-053D-615C-B201-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000009986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.621{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0ECE1E7950A42E0988A7577A5D89D7AB,SHA256=399D25AE58F6863FB1FABA30A3E2FD7F9E6F8D2726302C4C124421AF31B901CF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.621{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51177508F255D6CDF08CC9E2C639ED5D,SHA256=32CC471A4504DC3936D0D9D7736034FA3DCAAF1327E495B0C4E54B14BDF2EA29,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000009984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.621{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FD2BADB5890B9C37284147962CCE4546,SHA256=436E2B51C59CA126DBA4CBC0A3362926D73913F52C1C82BF2FEACE918EC5DB35,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:45.567{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=23620C62414CFF8C490E0378BD97383B,SHA256=0E1DEA677AD0DB82AE365C2E05439CD436E05DA239D8FA6516498303498AA6FD,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000009983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:43.372{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50064-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
10341000x80000000000000009982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.277{49C67628-053D-615C-B101-00000000FC01}18042064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000009981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:45.152{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-053D-615C-B101-00000000FC01}1804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9980; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9979; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9978; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9977; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9976; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9975; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9974; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9973; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9972; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9971; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FDEB-615B-0500-00000000FC01}; SourceProcessId=416; SourceThreadId=432; SourceImage=C:\Windows\system32\csrss.exe; TargetProcessGUID={49C67628-053D-615C-B101-00000000FC01}; TargetProcessId=1804; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9970; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; SourceProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; SourceProcessId=1772; SourceThreadId=588; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; TargetProcessGUID={49C67628-053D-615C-B101-00000000FC01}; TargetProcessId=1804; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=1; Version=5; Level=4; Task=1; Opcode=0; Keywords=0x8000000000000000; EventRecordID=9969; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:45.152; ProcessGuid={49C67628-053D-615C-B101-00000000FC01}; ProcessId=1804; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe; FileVersion=8.0.2; Description=Active Directory monitor; Product=splunk Application; Company=Splunk Inc.; OriginalFileName=splunk-admon.exe; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"; CurrentDirectory=C:\Windows\system32\; User=NT AUTHORITY\SYSTEM; LogonGuid={49C67628-FDEB-615B-E703-000000000000}; LogonId=0x3e7; TerminalSessionId=0; IntegrityLevel=System; Hashes=MD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165; ParentProcessGuid={49C67628-FE68-615B-9F00-00000000FC01}; ParentProcessId=1772; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10016; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.964; SourceProcessGUID={49C67628-053E-615C-B301-00000000FC01}; SourceProcessId=2724; SourceThreadId=1612; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; TargetProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; TargetProcessId=1772; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; GrantedAccess=0x101400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10015; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.827; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security; Hashes=MD5=0ECE1E7950A42E0988A7577A5D89D7AB,SHA256=399D25AE58F6863FB1FABA30A3E2FD7F9E6F8D2726302C4C124421AF31B901CF,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10014; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FE68-615B-A300-00000000FC01}; SourceProcessId=3356; SourceThreadId=3576; SourceImage=C:\Windows\system32\conhost.exe; TargetProcessGUID={49C67628-053E-615C-B301-00000000FC01}; TargetProcessId=2724; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10013; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10012; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10011; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10010; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10009; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10008; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10007; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10006; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0500-00000000FC01}; SourceProcessId=416; SourceThreadId=532; SourceImage=C:\Windows\system32\csrss.exe; TargetProcessGUID={49C67628-053E-615C-B301-00000000FC01}; TargetProcessId=2724; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10005; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10004; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10003; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.761; SourceProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; SourceProcessId=1772; SourceThreadId=588; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; TargetProcessGUID={49C67628-053E-615C-B301-00000000FC01}; TargetProcessId=2724; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=1; Version=5; Level=4; Task=1; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10002; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.763; ProcessGuid={49C67628-053E-615C-B301-00000000FC01}; ProcessId=2724; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; FileVersion=-; Description=-; Product=-; Company=-; OriginalFileName=-; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"; CurrentDirectory=C:\Windows\system32\; User=NT AUTHORITY\SYSTEM; LogonGuid={49C67628-FDEB-615B-E703-000000000000}; LogonId=0x3e7; TerminalSessionId=0; IntegrityLevel=System; Hashes=MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C; ParentProcessGuid={49C67628-FE68-615B-9F00-00000000FC01}; ParentProcessId=1772; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10001; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:46.699; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=58777DE40996C4F8E9E5FD9D9CE7FEC5,SHA256=4BFA050FB8FED8C426D7A83D8E5AAD2D1C6B9F0B595FB085C3A14C098613905D,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26005; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:56:46.598; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=BDC05B455AA9610AB8C1808C29EAE462,SHA256=C31E57D3F017F1028EC4BAE8610CF0B0F725B0580B8F094CF6FB004F27E6CA9B,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=3; Version=5; Level=4; Task=3; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10000; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:44.216; ProcessGuid={49C67628-FE6F-615B-D100-00000000FC01}; ProcessId=976; Image=C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe; User=NT AUTHORITY\SYSTEM; Protocol=tcp; Initiated=true; SourceIsIpv6=false; SourceIp=10.0.1.15; SourceHostname=win-host-340.eu-central-1.compute.internal; SourcePort=50065; SourcePortName=-; DestinationIsIpv6=false; DestinationIp=10.0.1.12; DestinationHostname=ip-10-0-1-12.eu-central-1.compute.internal; DestinationPort=8000; DestinationPortName=-
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10017; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:47.917; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=ED4D0ABCFBB6F754CC4D51869730E96A,SHA256=32C06BB0B5FABC3FBCA84202BBE02DD2C4C7B0C5EC69A099EC52615AAC0E9C26,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26017; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:56:47.817; SourceProcessGUID={6EDEAD03-FC1B-615B-0B00-00000000FB01}; SourceProcessId=636; SourceThreadId=5952; SourceImage=C:\Windows\system32\lsass.exe; TargetProcessGUID={6EDEAD03-FC18-615B-0100-00000000FB01}; TargetProcessId=4; TargetImage=System; GrantedAccess=0x1000; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26016; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:56:47.630; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=8A29BB3821F9FF4F61FAA6BCFFE8AB0A,SHA256=085F039E739B431B5971B9B37BB0E007F168150B28C311246A38749462CF75CD,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26015; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidence; Details=DWORD (0x00000008)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26014; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCount; Details=QWORD (0x00000000-0x0023c3e2)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26013; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLow; Details=QWORD (0x01d7b9b6-0x29fedfe7)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26012; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimated; Details=QWORD (0x01d7b9be-0x8bc347e7)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26011; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHigh; Details=QWORD (0x01d7b9c6-0xed87afe7)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26010; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidence; Details=DWORD (0x00000008)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26009; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCount; Details=QWORD (0x00000000-0x0023c3e2)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26008; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLow; Details=QWORD (0x01d7b9b6-0x29fedfe7)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26007; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimated; Details=QWORD (0x01d7b9be-0x8bc347e7)
EventID=13; Version=2; Level=4; Task=13; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26006; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; EventType=SetValue; UtcTime=2021-10-05 07:56:47.583; ProcessGuid={6EDEAD03-FC1B-615B-0B00-00000000FB01}; ProcessId=636; Image=C:\Windows\system32\lsass.exe; TargetObject=HKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHigh; Details=QWORD (0x01d7b9c6-0xed87afe7)
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26019; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:56:48.801; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security; Hashes=MD5=363DDAFB72EF1EB86F3CE9FE81BFFDAD,SHA256=8B535032E0A0B92B6E2DA0BD6FE2319950E36AB53C995797210774AF88618086,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26018; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:56:48.645; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=9D6A40CF0F2EE2094683C5B9739465AC,SHA256=DB3FA35006102A14E06DE939C42F4E996058899970007689D911660AD197028D,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10044; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FE68-615B-A300-00000000FC01}; SourceProcessId=3356; SourceThreadId=3576; SourceImage=C:\Windows\system32\conhost.exe; TargetProcessGUID={49C67628-0540-615C-B501-00000000FC01}; TargetProcessId=2732; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10043; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10042; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10041; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10040; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10039; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10038; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10037; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:56:48.949; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.949{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0540-615C-B501-00000000FC01}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.949{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0540-615C-B501-00000000FC01}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.949{49C67628-0540-615C-B501-00000000FC01}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000010031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.417{49C67628-0540-615C-B401-00000000FC01}40403584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0540-615C-B401-00000000FC01}4040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0540-615C-B401-00000000FC01}4040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.277{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0540-615C-B401-00000000FC01}4040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:48.278{49C67628-0540-615C-B401-00000000FC01}4040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:56:49.661{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADC05F89C2B6D5629856832B3E351AEF,SHA256=60DAAFC681AE045F84E7A718DD6B250FB6470E590A6B5ED1BC3F55CE65084F1F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0541-615C-B601-00000000FC01}3176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:56:49.621{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0541-615C-B601-00000000FC01}3176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
23542300x800000000000000010092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:15.710{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6849052D6C38226BC4BFBB83F4958840,SHA256=5DC09B8544403C56B45985A4A63A823283FFA6BF59E3D6131395583904858177,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:15.412{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=579079A1B72996E5CD3E03F94B36C6C3,SHA256=E96D0A47BB0E056EEDF52437A5C628DC0529BAB7C58C37A1D2D76CCCF4114158,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:16.710{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F2C9A5DAECF3A8A489CB184270F9058,SHA256=E9A48BE2836295AB333DF0CD911F9AFE5F000011CF9A44EF244B2358D1F30D42,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:13.764{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50340-false10.0.1.12-8000-
23542300x800000000000000026062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:16.428{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEC910D9EFB0A9664A438BA9BB033F68,SHA256=C2F0F58BA9E631355BBAFA25B99ADD822EE8901F6DE4878B6740F7F1A1982615,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:14.087{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50070-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:17.726{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B03DF44397259987F58D65729A02DFF,SHA256=8D42554972BAA2C311825DBFAC8FA726313BB375158936606EFAFFE2E851EC7D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:17.443{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27CB128B3907BB0F410E5211E80AD3B6,SHA256=95A7D578D6D6596D4F9D28A8E4CEAD7768EE71201FF74F6A6844371728F6C12C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:17.412{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5752958E9961463AE1F3C4847E896CE9,SHA256=5EC208A3AF778D80F478F728B00E9CD310E337942D3BF391C78112F89167CCC9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:17.412{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=539D87BA55E9BA34CA9B60B3F4E7E8A1,SHA256=1630FB50619CC372EC1E3D3487CE1B59FA8F9C2198A3C12C4358D78702C2E374,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:18.726{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87BFBD422DD54C260DAB45DD4FA24093,SHA256=DB00088AF2E643A6BF1C95620BF5326C1834ADF06AADEC95AAD77D090E088B64,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:15.999{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50341-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000026068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:15.999{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50341-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
23542300x800000000000000026067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:18.673{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30AEFA4F09268383B5A0BD60F5D30776,SHA256=E8F8E7FA394813A57D154973C99458B779FC7EC1CFA80B56FD14C3A8113105E1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:19.726{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D85DFC2056981E8C9422C3AD5A41B6C,SHA256=2789C0AE26942BD70557ABE17AF78F12A9FDE6802FE57D22541B91F251CDAE42,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:19.766{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=490B265B9601CE34A626F60AD0450D23,SHA256=F760DBB17E7C88C85090327731FDCCB3D903D1498A5108037D66F5DD6E63006D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:20.727{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3207AD849C4FE84F1FC11FE41B92EC23,SHA256=A4E5315CD9071105E7A0CADFCDD7D267BCC2DDF46E68CB5B3E3963114DDF002D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:20.766{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A6C891E4EEF539C8F79128318BBC943,SHA256=4E9B8168C4F89DB825971C5D8B01C8E0670F43B3208E972155A6E7FBEFF76A34,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:20.542{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-030MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:21.955{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD8ACEAED2786979100236B3082BFEFE,SHA256=039EAECA9131DD086CC014FE19DAAC6AB85FDF799DCC40CB8745B9BC4C491B67,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:21.813{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A74BC0B3CE12B393C88ADBC6823CA5D,SHA256=641315FDBA0C384386CB583D455A5D25BA471CCAA5C1B63268E2BDFDC09892BE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:21.556{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-031MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:19.197{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50071-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:22.989{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4604B89BC767F820541324E406034CC,SHA256=C4C5014F0E23BCFE4309CEC66F8BE6F4C7339DBCCA2246DDF3CCE1AA9B3C83DA,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:19.619{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50342-false10.0.1.12-8000-
23542300x800000000000000026073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:22.845{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C1112C65ABE5DFB10FC55D6C0741B9C,SHA256=286924CF6285A6339E3DECB98B0E7986AD9F0F635D51413AF1AA4D107B7D03BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:23.892{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=311707D18C804A656EB263921F6F0FB5,SHA256=70A3C5BD1EA2687147F3D9DB1BE4BFAD9E01C51D0A11B9193A53A1462B95892B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:24.923{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03A1DBB8ED65AC9BAC64EDEDD11A96D1,SHA256=158F843706F1F562C946EA65D02FAAB91DFBCF8C2757A2D51BBC1F2B9CD3D494,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:24.208{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7323090B8E79B701BBDAA257D45DFA3,SHA256=67BC577A21E16C211058CE97F70EC2F7DCD64098B541168D5743F4C8E058C3DA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:25.938{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=882D9F290359D026E6129AFACFCE2BBF,SHA256=54C7EB4874E1F3E85E91C603B5E04CDD2EB718C0D53DDAF973D1930644CF5DC8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:25.442{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FC6D3018F7521CABDE20A3D268C987F,SHA256=9111BD935F88785983B5617E1FF8976BA40730C8CBE19991A750DB105126CA03,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:26.676{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49916D0F52EE73118FA2455F6DA007FC,SHA256=1DE3FF87C0A913CF6894B974E3153F192172620711713967E9B365DFD3E6B7F3,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:25.100{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50072-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:27.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43F31FE213D077801964B33BAC552C82,SHA256=F0CC33FE3204B3C211786B6B8E530EC2DD41700F5878594534BDDBD5137FDFF5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:27.173{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264C0C9AAA802390898B63E6156AAB80,SHA256=9C903881BDE9A8D75FC9F454DBA6358A4B10D6645BEFACB4B3989BDE7A0BCCA5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:28.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B85A58A9F690C90FFED24531B700646,SHA256=C3EA695FE7D7C5DECD7C8C10007CA40529D85F41E10032061E8EEBDC3F4CB367,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:28.188{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F299C5490521DA0F04976591B355241,SHA256=84D45BA221E2896F21AA8F12A457DEC1E8A1E3F8100174D6ED5240F01B636859,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:24.713{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50343-false10.0.1.12-8000-
23542300x800000000000000010110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:29.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A6C2B35A9DDB45EA3F963568DA238BB,SHA256=6BACEC3BF83039CC3E801E20BD9E017E9A04F3B7B466FA78E04D6A776C367F6A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:29.204{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2565F3779A204959AFABE42E8107CFA7,SHA256=6E8E745422E60716FBB26AB8B31CEA7CC81695E625A82F5C57DC2159CB94DA61,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:30.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C7F2F52176F8BCED0A0F22FEB124B57,SHA256=D0E3892D63271D1B7DABFF33D8735E7258C11728E3A712477CCA9465506ACC59,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:30.204{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F491C01EEA3D918FDEDE01EC7AFC651C,SHA256=FAA0955FAD36CB85463E495938590070AC42010BFF7FA7B132AA10350D19FE5B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:30.256{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50073-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:31.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84F5B284BCD901435F8D2BDD89C0E7E5,SHA256=345183DCCEBC0234AEA456027C5E2DB4C7A9C630D0615520FE452DBDEC67AD9B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:31.251{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3EBDFACBFBB334AF32DBACC39DFAF2E,SHA256=974F5D22B502A90C05F8D93556B8D76A383E6B57B7263AF9F011AD84CF4D2923,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:32.880{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0418F61644889692271184A139EE1C5B,SHA256=0DE7E265C0FDA0BF1633057A9F15F5003068EEA205A942DD51F07D45F941CF7A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:30.681{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50344-false10.0.1.12-8000-
10341000x800000000000000026117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.735{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:32.267{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19C979C0210B8416C5542F6D0320D4BA,SHA256=2C2EE60A3B922F724DE9C2DB64C15140DDCFDFA049AF6A4AFACDD1350CE9B5EE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:32.286{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=396AAAE37468221592C7737C0CC9E37B,SHA256=3F0DBA0AF1879FE0A574FD848782AA47F7FF54C5F4ADD7B2B301DBA5AF1C67DF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:33.626{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E52D11448E0B2D82289131D09A63C4C7,SHA256=018CEB01B572E08C903554F202805FB4D1C23C3F13100C3CC0E10A7D7E7C1210,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:34.767{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=415BC644D8E787D3160C7C9AA1EBD4E8,SHA256=1FC340037EE3A3D56CFC9B0E766067ED58D7839FD6623BF1D5D9B6D2FB48293D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:34.645{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:34.645{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:34.645{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000010116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:34.114{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B9F40CD983386EBD664A7BDEE72F324,SHA256=670F0A54B4BB059FEF55A1419FC6DD33359F29CE8EE0DC122BB000F190678790,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:35.348{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7173B21361A9E988FBBCCFF62A6FEE5,SHA256=A30EFCDC23BDF464682CBF59AC3084B0D5D35A91253B92114FAE5951CBD68108,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:36.364{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DC78DDD5FDD8F70896542A23F1E2E3B,SHA256=0923D4B201365793C31472867FFA3E8948314F52E8CFA3C87142DE0C693EF77E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:36.001{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C88B3E64802B553D028D92EA5A9494EC,SHA256=60DD93F05AC7FAA591A119B9AEB95E95D3ABE925A7A62DB5FD9E1A46D263962F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:37.598{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0F7FFFC943DE2B3DC95DA8E52B51BB3,SHA256=487E14698959B5EB37C40E08594BC15DB541AE1E1CD9799602D171AEC89B6071,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:35.775{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50345-false10.0.1.12-8000-
23542300x800000000000000026122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:37.048{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D3F8BE17EBD2C1221D5735C77D0EB49,SHA256=A14E98791F8D45D9639BBC4D65B1955791BC8A7404EFDB76CD3904D4BCD08FA9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:38.793{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5E6FCB6E4A6584D5967F550883BDCCC,SHA256=D8521B78D495E22AAF19DB87AFF0A6748386415C129E8960FF692EF546A57E9D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:38.083{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=633BA1C2CF3499E0A94D81846F5C6879,SHA256=6BB2004A8FE41ECF6EC5FBDEA7BAF44677527E34DC2B780D55FE0D548B74AF0A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:36.256{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50074-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:39.824{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B225D86CF110C3F7B34A3F8C7FF16869,SHA256=824D085A7153678CDB09EADA79EF20565637354967AF05A143A8D566D52A36AE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:39.177{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39E959FB91F6219D4AC6C1EB707F158D,SHA256=1779DE32F3ED091B4BF230CB13272AC06B17D315F2EAA703A622E76E5573C5BB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:39.052{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:40.840{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C02F3CC0E8773B008A41E9C6D1CC84C,SHA256=F0EE6CD0672A08D10F46DE2204C49180291538DE1B5232B8AC9D109ECFA4C6BC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0574-615C-9205-00000000FB01}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0574-615C-9205-00000000FB01}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.942{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0574-615C-9205-00000000FB01}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.943{6EDEAD03-0574-615C-9205-00000000FB01}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000026136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:38.639{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50346-false10.0.1.12-8089-
10341000x800000000000000026135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0574-615C-9105-00000000FB01}596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0574-615C-9105-00000000FB01}596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0574-615C-9105-00000000FB01}596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.271{6EDEAD03-0574-615C-9105-00000000FB01}596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.192{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24CE8AD636E996C2CF0D556C916F3380,SHA256=0C69425526939BFD9D26549734F5A964FD002DA234A61DFAB3052F02EF984869,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0575-615C-9305-00000000FB01}6528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0575-615C-9305-00000000FB01}6528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.599{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0575-615C-9305-00000000FB01}6528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.600{6EDEAD03-0575-615C-9305-00000000FB01}6528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.271{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E8C04D028A107A90404CB87197135404,SHA256=3AA098FCD291D59F14B0D6C3660159D12070BA4F1CBF6C0DABB61A62D4011075,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.271{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5752958E9961463AE1F3C4847E896CE9,SHA256=5EC208A3AF778D80F478F728B00E9CD310E337942D3BF391C78112F89167CCC9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.224{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA9863568E895AF9374475B27E88CEA0,SHA256=EF4DB23014CA5A9C78DEAE4F221048F3CF232AEDC675655D921AB89DC66F3138,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:41.099{6EDEAD03-0574-615C-9205-00000000FB01}2965076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.755{6EDEAD03-0576-615C-9405-00000000FB01}31162888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E8C04D028A107A90404CB87197135404,SHA256=3AA098FCD291D59F14B0D6C3660159D12070BA4F1CBF6C0DABB61A62D4011075,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0576-615C-9405-00000000FB01}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0576-615C-9405-00000000FB01}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0576-615C-9405-00000000FB01}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.599{6EDEAD03-0576-615C-9405-00000000FB01}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000026158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:40.810{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50347-false10.0.1.12-8000-
23542300x800000000000000026157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:42.442{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65032065495D98D4E897DFD6B64508C2,SHA256=41CFAD06ADD86D23FC09203F4FAFA93D877ED2213FF365E06A1014B3ADB9C497,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000010137Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000010136Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001d84f2)
13241300x800000000000000010135Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b6-0x4ab790a4)
13241300x800000000000000010134Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9be-0xac7bf8a4)
13241300x800000000000000010133Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9c7-0x0e4060a4)
13241300x800000000000000010132Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000010131Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001d84f2)
13241300x800000000000000010130Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b6-0x4ab790a4)
13241300x800000000000000010129Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9be-0xac7bf8a4)
13241300x800000000000000010128Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 07:57:42.824{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9c7-0x0e4060a4)
23542300x800000000000000010127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:42.058{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C867ED81D4FD919E614AD8A088E3671,SHA256=30657F23BE2BAD230AF6E152BB70D7EC9C24400DB0583B3CB0F9448329600329,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0577-615C-9605-00000000FB01}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0577-615C-9605-00000000FB01}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.880{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0577-615C-9605-00000000FB01}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.882{6EDEAD03-0577-615C-9605-00000000FB01}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.646{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=393F80FA0C00C529C369C9215CA054C9,SHA256=C3D9FB6E4B3DBD751DDB7242B859816757931371EC74ECCC6D55395982CD11C9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.505{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC7054F8B16EFDFB8C0B72773D18A2A7,SHA256=65BF651CEABF1C09B63D61FA8ACB26296A7EED780912EBF762EA0A28223D9D9B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:43.371{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:41.279{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50075-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:43.293{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1212097D35FE7BAB8B54287EBC84FF90,SHA256=7AEBB5ED471619470F4B5C4274AE9C9D6051E83C3A651D35F1A1E86BE7055566,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.474{6EDEAD03-0577-615C-9505-00000000FB01}70324784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0577-615C-9505-00000000FB01}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0577-615C-9505-00000000FB01}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0577-615C-9505-00000000FB01}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:43.271{6EDEAD03-0577-615C-9505-00000000FB01}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000010167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0578-615C-B801-00000000FC01}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0578-615C-B801-00000000FC01}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.980{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0578-615C-B801-00000000FC01}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.981{49C67628-0578-615C-B801-00000000FC01}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000010154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0578-615C-B701-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0578-615C-B701-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.480{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0578-615C-B701-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.481{49C67628-0578-615C-B701-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:44.387{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D7920FE61E0DE8CD874BC0BADE1E956,SHA256=271FF5E93B222B7A7D86516A0458575717C50F48455D5D9083A7BF4E10B0171D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.896{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4401106C178387B2432F01FAD475685B,SHA256=C7D23F5180939260AFAD01712E3AA62DF004253C191D81A52BACE1B67615A0D1,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.724{6EDEAD03-0578-615C-9705-00000000FB01}37761892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0578-615C-9705-00000000FB01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0578-615C-9705-00000000FB01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.552{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0578-615C-9705-00000000FB01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.553{6EDEAD03-0578-615C-9705-00000000FB01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:44.505{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E631D270B815F4F3772C8D369C4C96F9,SHA256=9F55A1FD52CA74AF65DCFBFEC0E39759DEE077892781F619FE0232C5E7991388,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.762{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=014B3DFDFAE0DEBF74AB70821EB1403F,SHA256=BB61415CC8A2614193BBDEA543B04AE4F681CB839DE636D8EC0F67EC8F50D2E5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0579-615C-B901-00000000FC01}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0579-615C-B901-00000000FC01}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.652{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0579-615C-B901-00000000FC01}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.653{49C67628-0579-615C-B901-00000000FC01}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:45.505{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DF843FED94F3975E1207983EAF7871D,SHA256=0246DC7DC846C743E05E10510DBE6DF0C8BECE82F414780A6BDE3D3B920567D2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.480{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=922CC9646C8D9580904F297EE9FFD334,SHA256=552D63F1D3FA73CC763BE2F5AB04261F18000617A514C24E8FBFAE6B08F2321D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.480{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C36A7CD5486C2BBD16D65256A762EF8B,SHA256=C0066BD0D175E2D1FC547C3CC4789C99764B0F84AD1A66DD50C8D7BA5C6EF284,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:43.391{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50076-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
10341000x800000000000000010168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:45.183{49C67628-0578-615C-B801-00000000FC01}10841928C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.934{49C67628-057A-615C-BA01-00000000FC01}39203916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000010200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.824{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=922CC9646C8D9580904F297EE9FFD334,SHA256=552D63F1D3FA73CC763BE2F5AB04261F18000617A514C24E8FBFAE6B08F2321D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-057A-615C-BA01-00000000FC01}3920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-057A-615C-BA01-00000000FC01}3920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-057A-615C-BA01-00000000FC01}3920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.762{49C67628-057A-615C-BA01-00000000FC01}3920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:46.668{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63A9EE06F02B1239DE1CAF72B6B4FE07,SHA256=15A5ACB147B7A0B973E4BEA2C895AD2225471FE0F03C4A765A18534D7ACC2F14,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:46.552{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=773D2A8A279AE5B93C6875290DF07BA5,SHA256=40155C7988CA074A6C567A67A0AC25B31708EAE88C88BE8029447199B1024653,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:47.871{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ACCFED13F5E90C256D4FAC713B08B29,SHA256=9FAF10CDDE5AE5F96C91B051766010B72887B839940FB935615B09B372320BF9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:47.568{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9D092A1F10EEB1CBE10A22546DECA10,SHA256=F9F3D2634D5CAD2CE48BAE68352A2ED3B26225FAA1BB4D564367F4AE24ADDC32,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-057C-615C-BC01-00000000FC01}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-057C-615C-BC01-00000000FC01}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.965{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-057C-615C-BC01-00000000FC01}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.966{49C67628-057C-615C-BC01-00000000FC01}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.887{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B83F4ED5D68233CB20D1C1877F37A21B,SHA256=69070DE4BC8B454CF7F5B9789829F84D22F155EBE02CB2662C9FB0F575BE87F9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:48.568{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=282DD81ABED4C5A883287B8AA48393AF,SHA256=5594693AA1173A0499C5439406C1AFD9248CECD674AD126A4B6DB22D67915BFE,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:47.279{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50077-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000010216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.468{49C67628-057C-615C-BB01-00000000FC01}17604068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.293{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-057C-615C-BB01-00000000FC01}1760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.293{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:48.293{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:52.599{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8DE664F3A6AC3AEFCE8DFEA3381C28B,SHA256=58B5CD868E7F5B1360A26E8575E8B8BB32A5460DBFB68E179211E2390442F639,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:52.262{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=789DC2F87FA1439AA885A38D70C0317D,SHA256=78C10C5C0920D301066DF70C931DC56696B2A7A18C74DF44E1BA5EB4F0864D6C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:53.630{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DA3C3F6983442B377679DA1082E67B4,SHA256=9182B7ADD106C6C419C6A3FBAA931A654E182A208FBD290712F2607B6D23EB1E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:53.418{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96BB0E390422F85AFE8E4C5EB85078B7,SHA256=603B9A378BF134631B73FBD41A6F69190B62DE94601596A0D81721198694A26C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:54.833{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B5362A72DD21B22265B1EC5E4968BCC,SHA256=9C0EF6F460167086679C83C8B25C4F24D0883F1E123D64F4CB167D45703A2F55,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:53.141{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50078-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:54.574{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F7CDD19E38EB7BD5027D46519658E37,SHA256=CEE7D9C1FFEB04943B5B7EBE8B0D8E6FED811DB68B000D0217AD96F6C972F73D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:52.670{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50350-false10.0.1.12-8000-
23542300x800000000000000026228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:55.833{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4730356D27BF3BC51E2EE657010AF86,SHA256=5B6492979377C3D50E362B378CCB8E2CEC5C045A2BA0B555D0DF2E407D579498,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:55.715{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B341162677E21CDEA0CF7396F825366,SHA256=D5BC000519169495E0BDD1BE3DD432D368C9819F358794D8424A9D6B3D2753CF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:56.849{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4D8A8FB75123A211EFE5546F80FD279,SHA256=3D7A5F7A902A61072DA216101EFBA88A0EAACA3544101833F355287C5BE3CC06,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:56.840{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5573F9DC3620FF18A321D9C7B266D5E,SHA256=E81534C42C2F8989C0FE1341D05DA32FE7F9E774C73BDA55C3E0A34A628E04D1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:57.902{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F48642F3CBE95437DCE227C5E99E0C5,SHA256=105D9885D026925189DED98A2176016F7BE25E2C3066DAFB4E716F6F3D9331BE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:57.880{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3804BCAAF5F921BDAEE8D94AE5F160E,SHA256=F5385F505532E065742240DE926C7C858A80C289273FCDF6B9908ECD399E0DD0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:58.915{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C62B013B0613B1B55E8019C5AE39BF2,SHA256=122538ADCF8BE71CD45CD883022B315C9FEE05E987F9335ACEE8D91D2668D79F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:58.893{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=185D8CA2B55AF89A130016EE7C857402,SHA256=B48D3138CED059B501F31AD53241B582E20377796B449F3FEB8598E308A9D6FC,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:57.729{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50351-false10.0.1.12-8000-
23542300x800000000000000026232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:57:59.908{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32D39C68723CC853F2E19F5DDB9652D1,SHA256=2FA125B4E44475FE808608C1020BA8D61EB671491E0A1ED625A9C9E0AA36EB2B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:59.915{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97A9A2B1E3DAC15FC0AB83CD165399C6,SHA256=D709841C059BA774F8D01DA8F10C6CAC64E27B9F6DB09F3F41624976AB8C8AD9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:57:58.166{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50079-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000026236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:00.924{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F99F2DA41EC724E857FFBC273E465AF4,SHA256=300179AB07BFFCBD8E37F0270CDA2B300E96DD5B7BD3F5FD02C8A406FC986962,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:00.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9E0DF2E136A4ABE392DEF740F40543A,SHA256=9A31C38BDA9FA3766EEA0D9819ACA974C404A9688AC8F4C7EEA5242FE7D22D30,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:00.033{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=54C78A4B8FDD478605A69D36374C1CFD,SHA256=C77B5CCE8044493845B2A53F4CEB2B36826733D67B8D6A1B48E58D354D180A4D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:00.033{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B997DAE4914FCA139B608DEC9ACEAF1,SHA256=652390A5F615D1DCC628ADE50DFAE326FCA510510F34198E7D34BE1E96156438,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:02.158{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42F4A26EBE6FBDDE23F7593A5468154F,SHA256=E3EDAF711280D70AB96CECEAA8C16E654BF87E6F618643589BE55CD7A4B7BE73,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:02.024{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6DF853408CB0AD7E4D883B5074083C1,SHA256=FD67A0A55CF15B8165C85A9DF5A44F7A7CD7F70B60045B3894D5854B0C1F9305,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:03.365{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-038MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:03.160{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD09D9CB09A6EF3FB7399FC32D7FD7DF,SHA256=12705A4A8F422847615CAE2AE8C1E07B3E3C4C6EF82F2BC6C548CC4AFDFDEF3F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:03.118{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5196ACC14F5D0FB2C7F82B77EF7E94AE,SHA256=A0A512439E37234DB7833784B74607F687A44CF67E5A7E47F50B44D1546A2E64,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:04.377{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-039MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:04.268{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64278EE69BB8AC52625B1584B68FBC68,SHA256=22985C3683E84AF6913E3A448C62674A18404990D14AF67A245D3B8747ADA3C4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:04.305{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C2A3E63E2BFDA49689BF636E8F9B4B2,SHA256=0AF7A664B6E0218AD0573BED139F8D89E712D800267D99EFC266CD3109105B0B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:05.487{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66B7754CE3B296CB1C66A54A84B483C6,SHA256=EFAB74736E929DF373788DA9964611E971F662508AD92447A19F9D64E656BE33,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:04.104{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50080-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:05.368{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2834FB06C5253BF777210D2EE9032DD9,SHA256=8ACFE4277B3BCEF27D850CF03E205316842E291AE44C2700EB1818D3DF37C950,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:06.722{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ECE1DC232D0288807584CFAC8214094,SHA256=B55E96EA052688561515FA9884E55A25D16259112AA10D940A7DA36783259C36,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:06.540{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F82521A0176F47E6209688E67554384B,SHA256=16DB71751D36C7AFAEDC970A5A1DCA72B6D5DACD0644FD9091CC16A8EDBAB3F3,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:03.713{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50352-false10.0.1.12-8000-
23542300x800000000000000026245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:07.753{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A4288981C1DC1A8792E30B0D3A6225,SHA256=072EFDC21CD39D520507E8B98FC1BCF325E82ED09072ED7F58BCA95B6C0AFF09,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:07.540{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2111894E78718FBC472F9FB6255E69B9,SHA256=0E51AD73E8D84D275C2B859F94AC190DA1ADE32BBAC7AA49DDA98827975C5EDF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:08.800{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41CAB7C61EC7D410BE9D62C3A897CF14,SHA256=C1FF4A120E28170603F46C65B62E975EA259EC6D963CF6DBCA3768E6FD3B6E3A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:08.774{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FF627B8E51C10292D5605BE69D474F7,SHA256=8979C5EE49EA32B9F1D17E1387C5EACD3DCA1188B080F1765876ADC2E88FA23C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:09.831{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272ABF103800A019820C6D59D1AA12C1,SHA256=74E1776904D6D303809ABDB55E9B3A73AA6392D88E6C232FF3900631802CC0D0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010269Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:09.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAA6ED1C5783A8BE13AD270B1E625C0C,SHA256=E5B3C6C0896CC887B8973B67766497B16F8FF1040ABE5D8A374D16E382E5256C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010270Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:10.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=001939ACC92C6CFABA0081FCE2A26C42,SHA256=FC1559681149DE3693558AA8DC119CE999FFA77DBC8878C47905DCA0A5B6E257,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:10.940{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFCEF081D6286E2385034F293B5CEBC9,SHA256=DF1F8D4AEBDCD8668EFDD34304362C251E3408945F9DC4C3B06243EDE87C6B41,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:11.972{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78F062193836FCE6F0322DBF7806952D,SHA256=C5D9D4F7DB6DAFE05A40A552FECAAAFD084BEFC1456E46F7FEA4DEDBD5CD04CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:11.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64A64028806ED4D67EC7B7383AED2591,SHA256=67C9C7DFF03337356FF7FDDBC4ADDB9627671B17DF1253984A122624FF3D499D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:10.151{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50081-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x800000000000000026249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:08.714{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50353-false10.0.1.12-8000-
23542300x800000000000000026251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:12.987{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D279F170D7E0956C24B573E34327749,SHA256=603E5E15E47B0892D44B024E844D9C90110D684ED98206F9B176169E6D0BD30E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010273Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:12.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB2C36F1586F23F34E35961393FA7689,SHA256=F9387474E3B1BD841CC29C317EB534EAC6C97A9BCC267E168D4A72EBC60BFD3F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010274Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:13.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5EF70846866BF79C5971756139559CC,SHA256=DF9916C39C9D08A362F39D1249F94FA06657F849260CC02C91E551B6CFABFB3B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010275Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:14.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73D49C7ED7359A216D50E87A709F6A07,SHA256=5CEDAE3347EB370282DDBD18C6C6808BA331E9AC2351C4B8CB9EDF866019AD9D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:14.019{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8889C80FA716F12084DC7B33313821D4,SHA256=01CEC20110ACCF55B09268BFF7DAEB7089ED3873E4D164FE30FCDAD32E088A2E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010276Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:15.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DC003AA86931DB6282813C0D70E4290,SHA256=E2C94B8CC2FF5A2A7DC2B29DDA7E0BB1B91A2703DC85DE271285694B6FEE2C38,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:15.206{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E08C6343DAABC5EF5333999BD46642B3,SHA256=966EB8807E24456781A228398C934FC6448F6C0BE9DB2B6DBF9ACCDEC24BFDAF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010277Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:16.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7CC7D574512E09BF1F9460B61E6D9FA,SHA256=9E86BBBC869807DCDB09584FC57BA1FD6B6CC9640CFD2D1E01CEC4D96F8201A3,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:13.762{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50354-false10.0.1.12-8000-
23542300x800000000000000026254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:16.222{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CE6A0D8BB813542AE6322A4ADD665CD,SHA256=F70F4F6CEF89813C3C30316E9ED93C40483DE20BD71B0ECDB7AD348CE3A9A6D8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:17.628{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16F6D21419D49B7FF642CF9ADC7DC199,SHA256=B828C44E393E31971CAA125A8B3DF0183BA9552EC07A0E66C83C6FA997B64408,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:17.628{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=54C78A4B8FDD478605A69D36374C1CFD,SHA256=C77B5CCE8044493845B2A53F4CEB2B36826733D67B8D6A1B48E58D354D180A4D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:17.269{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE51B374BD4465123E903AA7E03C8583,SHA256=71901BA8D2F4C2A9B3A7830F7BE081FF8A13A78A87221C47070E144AF88ACCC9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:16.011{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50355-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000026260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:16.011{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50355-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
23542300x800000000000000026259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:18.300{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8DF04616C73DEFC94AEA054F55AB7D6,SHA256=6BB55D1A9BB817288421F63A0ADAD09D30FDEA75A0C01BA0A7C5E647FA00B0BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010279Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:18.103{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5251E4750293D7D0D72BD39803A4A4D5,SHA256=82FD5729F46D50720A9F8430C22B6879FDC1DB385637EBFA53AC95937F89D664,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010278Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:16.088{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50082-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000026262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:19.347{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F20D0995EA9F5A98C6073FCC02D7980A,SHA256=B778E7BD0BF1776EB3AB7B8BFC5C3743D5D37EFB1F4149CCC3B5A4393084D296,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010280Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:19.244{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0D973E05B7F5D2FAD5383E07156A946,SHA256=93A4A43654573CDB72686D87896E78237D5E3BFE95CB512C77ACEB752363F94E,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000026266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:58:20.832{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML
13241300x800000000000000026265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:58:20.832{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001)
13241300x800000000000000026264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:58:20.832{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML
23542300x800000000000000026263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.363{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A32BC2758B93D74C8DD5E5685D533D59,SHA256=99C1F66550F4E4B2177001A60682ED4140B5F22E2C53F42E2371D0C9C4ACDBB0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010281Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:20.369{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9305429D6193B953A4F038B9D71401B,SHA256=575C372403440B5C41844ADB1ADC95519887AFD4B5E1C81EC5222C282437FEF2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010282Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:21.510{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CAA0B277E026C6459D262E970D131DE,SHA256=51BE9CFC0678A593666C5F7AB99AB35341BDA58B945158364C7C8DECCBD95640,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:21.847{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16F6D21419D49B7FF642CF9ADC7DC199,SHA256=B828C44E393E31971CAA125A8B3DF0183BA9552EC07A0E66C83C6FA997B64408,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:18.855{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50356-false10.0.1.12-8000-
23542300x800000000000000026270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:21.378{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A9BE78EF5F70D3D1A8BDE2C234A0EF6,SHA256=DFDAFF2D05122C5DB1278054AE6FFB18CE8AD8FBD3C47EE619B134E1DE9BDF09,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:21.378{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:21.378{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:21.378{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000010284Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:22.616{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FE82CA700C2EC17433ED67C34BA3271,SHA256=2D60B2E2F8799519AD31B36F78EB2517BB7049090643512674CED4C2320C40A6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:22.378{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D63B90981F3E9552B2DC444C957B348A,SHA256=4C549B3413C790984098C7EAEDCF57B9004AEB0AB5C4AC3AE088FE881842ED1A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010283Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:22.076{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-031MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.455{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50359-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap
354300x800000000000000026277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.455{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50359-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap
354300x800000000000000026276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.448{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50358-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap
354300x800000000000000026275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.448{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50358-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap
354300x800000000000000026274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.435{6EDEAD03-FC1D-615B-0D00-00000000FB01}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50357-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap
354300x800000000000000026273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:20.435{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50357-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap
23542300x800000000000000010287Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:23.647{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E9CD8DD88C59AB25C0852E1611CA9A3,SHA256=1297718CBD76A0536F8EBBA1A2A0FEFFE42BC46B1C574DD5A850BD24D2B38427,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:23.378{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AC6C75DAE13F0A32E0FCE222729D409,SHA256=AAB6E641D88D95A6609ECBDE0D13D07481B1A00D554D2DE3976CFE4A1CEA3C70,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010286Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:21.246{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50083-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010285Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:23.086{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-032MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010288Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:24.835{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=656F89F92EDCEF8F889C3BD643FBCB56,SHA256=410FDACD6F2EEF35FC00248003C04D331E2E152CD49E4A84528C7CCD6807FFC8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:24.394{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B8A178FA04D7D38D5BA755838E516E3,SHA256=BB60EBCE93406508BB0824BE62C545D66A1039A3651725E26C010FC2B777B3AD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:25.850{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22D9AD1FA23E7E04D9EF3100A0154D3A,SHA256=1DB1894496A90595FF463770A8514324F4943BECCFD35CEED1CFC443119ED276,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:25.410{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E3533E9A25386B5AFC7A5AF08024C7E,SHA256=21C9A5B1EBD78EFE5544BDEB42DD34ECE504C449E330DFDD4964FE15CD00143E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:26.991{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85D6BA5A7D560F4FFD56304E3C708484,SHA256=06B3725AE940AE745A99EB408693C302401101F60872952ADE8C4B0347959758,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:24.761{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50360-false10.0.1.12-8000-
23542300x800000000000000026283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:26.410{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22963653A03B1AAF8208E4EFBA8893F0,SHA256=A9439802B118068193160ADA5787FB04C4439889FF3AD10FE1E413BDDC3C55B7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:27.991{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=781A977F985F54EAA536F22CE1C339E3,SHA256=44E47443CD3D60BFFB45043329539F7A0DB67388C961111C363EC948B8C6410D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:27.425{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75B752306D692FF36CA27B7477324E89,SHA256=FE9F23A4F328DCA46290E9A9363752CC66D2B19805D72B644D923BBFA6B4C133,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:28.441{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1F5E9C228D7A7A4649A4701FBD9B8D6,SHA256=9873DB1CED79823786940EAE53E5411E7CE389C65321B0E3286FC4E2B2BC659A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:29.457{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E41198831C54EFA844A73BA82E443CCC,SHA256=2272E39EA19D2C641DADF9FA9EC78C8476EAE64670AC5212EEE05DF45233F4FB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:27.164{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50084-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:29.007{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4AA945367E616B1E9B73A99261EB137,SHA256=D9FAE96D97FE6572E34DD7FDEFE65636132EB9A59B173A7A01ED31121B7C2F8C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:30.457{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C43F001AF82E6D1173BBFAA91CDF5A1F,SHA256=720140E79AC59FF844221EB0D8B8AA0B7E3CBB5344AE20DDD7EA4034BD53EAEA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:30.022{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A9C7B62F01F03B340AAE66161173365,SHA256=C00D47741C23799DABAAD81F27A8ECA683BF1A26FF6CD46A9F9A50306D61287E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:31.488{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48B5688043C89CC32AFFC16CC4D3CAE7,SHA256=8C83760B4CB52549B1EA1462D339471506ED94CCDA017E1DC0C918E4E109D9BF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:31.022{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEF0953006DFE6B602185A5DBFDA5F17,SHA256=2A3E5C37B49B49FA4B278E2678ED330BE32EE0D46223B8B27A3AE7BDE7C8805C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:30.730{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50361-false10.0.1.12-8000-
23542300x800000000000000026290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:32.519{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB101A8C5989FE66F691424BD1A305A9,SHA256=12EAEC19D2B14C03C9C26CFF92474D37258323B47CCC2AFE001CA100CDC191BD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:32.288{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E32F423950E3BAF2B9C5768994F55692,SHA256=E8316E39482A04820934B4F41594ACBA064BA9445C2BCB18D3B20235DAB6D0DD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:32.022{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B66B89D2D411038CE1E18555F8CE3021,SHA256=2B79D8F7EBEEA767E37AA61B5D139CEB323B5A42C654569EFEF3DDA39B759949,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:33.566{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A26E5171F1780C7939380A97B113DF41,SHA256=5B619687CDC90486DD9EF826511C3FBDE22EB67AA88C57B5F16747A84D6C9A77,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010298Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:33.022{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF6C18B559B7DC513DC15CEF58DE244A,SHA256=A326CE4725A9063B24C4DA011FF289B3DC0E8B65036F08C38E4B8C58FB3173B2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:34.566{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E641BB27A97978D42AEFF2A32C783AA5,SHA256=21ACF4195E17C61FE0CD5F4E8C946C52A47450D3B514820C69EDEAF1844024A7,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:33.055{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50085-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:34.022{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=849E540526EBFE4CF16D3E905D033645,SHA256=3FED2A73AB092A4BB03E811840299175F3769FC19D85617A9E99A51C4A27E5DF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:35.800{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0420C39E66DEB61B2EAF057CE6D9FEE,SHA256=81D04AB674C854F8E5965BD27ECFEEF73E5D4E9A058D1ACE75709BE0B8820117,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:35.038{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D87BA070C6E476B315D52C11DFE4778,SHA256=B0B01430AB3460DF56A017D6B8C0F9B37B2253FF3E2F5508B6BD9637698F53CD,IMPHASH=00000000000000000000000000000000falsetrue
EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26295 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:36.800
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=FF8F25E77C7CEE3163909E6F2345253D,SHA256=18A0524BE074A28963F8B7CA71504FC9A18AEE5AAC01199D8A563D21DA578AD8,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10302 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:36.054
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=FFC5467E836A03FA81B004C431E16947,SHA256=BAC7019B01287F42ED1784C2F210138BBA9E7617903B9977A3CDDC69CC78C7F4,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26296 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:37.816
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=4DD25C8F82DEF3D9B605E1B9363CD83D,SHA256=E206DDB264818C0D5006178A3E298A1A787A4A002A6532CC95ECE48967A6B18C,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10303 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:37.069
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=0BD97B31749B4A50E05CEBE60952E868,SHA256=63968C9E46B190487407D2323C7C543F656B647B522FD2F06E38FB9E1D48503D,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26298 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:38.840
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=195A0B21A360306DDB834FC9B42F1C67,SHA256=C032824EA5D99486A4BEFD34B2612AFCCEE738D3A3D736360C0E5A90D5FD54B9,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10304 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:38.080
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=F73D90B085BD525A149DDF63481BB242,SHA256=B9E1CE1EC2CCD7F2FFEE7DC8929CFBDD58C25F4C8757B9BE9D86C01C46ED423E,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=3 (Network connection detected) | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26297 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:36.668
  ProcessGuid={6EDEAD03-FCC6-615B-DD00-00000000FB01} | ProcessId=2220 | Image=C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | User=NT AUTHORITY\SYSTEM
  Protocol=tcp | Initiated=true | SourceIsIpv6=false | SourceIp=10.0.1.14 | SourceHostname=win-dc-676.attackrange.local | SourcePort=50362 | SourcePortName=-
  DestinationIsIpv6=false | DestinationIp=10.0.1.12 | DestinationHostname=- | DestinationPort=8000 | DestinationPortName=-

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26300 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:39.855
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=969D0ABAC6FA1E3BE06889550C836C2B,SHA256=2CEDD2F068031AC6EF154120EECAD54EFE2D6CEE4E0884686DC42C76642BBAA8,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=3 (Network connection detected) | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10306 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:38.176
  ProcessGuid={49C67628-FE6F-615B-D100-00000000FC01} | ProcessId=976 | Image=C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | User=NT AUTHORITY\SYSTEM
  Protocol=tcp | Initiated=true | SourceIsIpv6=false | SourceIp=10.0.1.15 | SourceHostname=win-host-340.eu-central-1.compute.internal | SourcePort=50086 | SourcePortName=-
  DestinationIsIpv6=false | DestinationIp=10.0.1.12 | DestinationHostname=ip-10-0-1-12.eu-central-1.compute.internal | DestinationPort=8000 | DestinationPortName=-

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10305 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:39.080
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=1A7CECF33192D2BFD1E9C2383B1B2B30,SHA256=39EBAC3B07A203779F2C76BD1A6077513AA3F151905D236ED0459A10DB8244A7,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26299 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:39.074
  ProcessGuid={6EDEAD03-FCBF-615B-AF00-00000000FB01} | ProcessId=416 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xml
  Hashes=MD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26318 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FCBF-615B-B300-00000000FB01} | SourceProcessId=2332 | SourceThreadId=2960 | SourceImage=C:\Windows\system32\conhost.exe
  TargetProcessGUID={6EDEAD03-05B0-615C-9A05-00000000FB01} | TargetProcessId=5348 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26317 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26316 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26315 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26314 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26313 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FC1A-615B-0500-00000000FB01} | SourceProcessId=412 | SourceThreadId=428 | SourceImage=C:\Windows\system32\csrss.exe
  TargetProcessGUID={6EDEAD03-05B0-615C-9A05-00000000FB01} | TargetProcessId=5348 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26312 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.949
  SourceProcessGUID={6EDEAD03-FCBF-615B-AF00-00000000FB01} | SourceProcessId=416 | SourceThreadId=2296 | SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe
  TargetProcessGUID={6EDEAD03-05B0-615C-9A05-00000000FB01} | TargetProcessId=5348 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=1 (Process Create) | Version=5 | Level=4 | Task=1 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26311 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.950
  ProcessGuid={6EDEAD03-05B0-615C-9A05-00000000FB01} | ProcessId=5348 | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe
  FileVersion=8.0.2 | Description=Active Directory monitor | Product=splunk Application | Company=Splunk Inc. | OriginalFileName=splunk-admon.exe
  CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" | CurrentDirectory=C:\Windows\system32\
  User=NT AUTHORITY\SYSTEM | LogonGuid={6EDEAD03-FC1B-615B-E703-000000000000} | LogonId=0x3e7 | TerminalSessionId=0 | IntegrityLevel=System
  Hashes=MD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165
  ParentProcessGuid={6EDEAD03-FCBF-615B-AF00-00000000FB01} | ParentProcessId=416 | ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26310 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.871
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=606174349F1F185345B2A37FE7743A61,SHA256=F8A22E631F6F9A010767FD787BCE0DBF4139FEA24279A0367B0871A920A92F32,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10307 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:40.096
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=4EBF0BA6516D8740C104D8AABA1742D2,SHA256=339C447C22C5C26775EDBB363930A03ABB38E1FFC8AD02EE94982554C7A2405F,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=3 (Network connection detected) | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26309 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:38.660
  ProcessGuid={6EDEAD03-FCBF-615B-AF00-00000000FB01} | ProcessId=416 | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | User=NT AUTHORITY\SYSTEM
  Protocol=tcp | Initiated=true | SourceIsIpv6=false | SourceIp=10.0.1.14 | SourceHostname=win-dc-676.attackrange.local | SourcePort=50363 | SourcePortName=-
  DestinationIsIpv6=false | DestinationIp=10.0.1.12 | DestinationHostname=- | DestinationPort=8089 | DestinationPortName=-

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26308 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FCBF-615B-B300-00000000FB01} | SourceProcessId=2332 | SourceThreadId=2960 | SourceImage=C:\Windows\system32\conhost.exe
  TargetProcessGUID={6EDEAD03-05B0-615C-9905-00000000FB01} | TargetProcessId=5344 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26307 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26306 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26305 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26304 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26303 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FC1A-615B-0500-00000000FB01} | SourceProcessId=412 | SourceThreadId=528 | SourceImage=C:\Windows\system32\csrss.exe
  TargetProcessGUID={6EDEAD03-05B0-615C-9905-00000000FB01} | TargetProcessId=5344 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26302 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.277
  SourceProcessGUID={6EDEAD03-FCBF-615B-AF00-00000000FB01} | SourceProcessId=416 | SourceThreadId=2296 | SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe
  TargetProcessGUID={6EDEAD03-05B0-615C-9905-00000000FB01} | TargetProcessId=5344 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=1 (Process Create) | Version=5 | Level=4 | Task=1 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26301 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:40.278
  ProcessGuid={6EDEAD03-05B0-615C-9905-00000000FB01} | ProcessId=5344 | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe
  FileVersion=10.0.10011.16384 | Description=SplunkMonNoHandle Control Program | Product=Windows (R) Win 7 DDK driver | Company=Windows (R) Win 7 DDK provider | OriginalFileName=SplunkMonNoHandle.exe
  CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" | CurrentDirectory=C:\Windows\system32\
  User=NT AUTHORITY\SYSTEM | LogonGuid={6EDEAD03-FC1B-615B-E703-000000000000} | LogonId=0x3e7 | TerminalSessionId=0 | IntegrityLevel=System
  Hashes=MD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8
  ParentProcessGuid={6EDEAD03-FCBF-615B-AF00-00000000FB01} | ParentProcessId=416 | ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26330 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.871
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=E95DB8BEAA32B337AFDA5F495BAC7FE8,SHA256=F92667CB779DC004BF9D2A49531D68BF2FC2E85C50D62B0B22DF88E89B4AB655,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10308 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:41.096
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=FE770FAAEDD57FB45A09EA07BB9672E9,SHA256=8381A46341FB9F80FCF050701010A7AE0C0C416D78AA640EE3C74419685CAF82,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26329 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FCBF-615B-B300-00000000FB01} | SourceProcessId=2332 | SourceThreadId=2960 | SourceImage=C:\Windows\system32\conhost.exe
  TargetProcessGUID={6EDEAD03-05B1-615C-9B05-00000000FB01} | TargetProcessId=6000 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26328 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26327 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26326 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26325 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26324 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FC1A-615B-0500-00000000FB01} | SourceProcessId=412 | SourceThreadId=2304 | SourceImage=C:\Windows\system32\csrss.exe
  TargetProcessGUID={6EDEAD03-05B1-615C-9B05-00000000FB01} | TargetProcessId=6000 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26323 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.574
  SourceProcessGUID={6EDEAD03-FCBF-615B-AF00-00000000FB01} | SourceProcessId=416 | SourceThreadId=2296 | SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe
  TargetProcessGUID={6EDEAD03-05B1-615C-9B05-00000000FB01} | TargetProcessId=6000 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=1 (Process Create) | Version=5 | Level=4 | Task=1 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26322 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.575
  ProcessGuid={6EDEAD03-05B1-615C-9B05-00000000FB01} | ProcessId=6000 | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe
  FileVersion=8.0.2 | Description=Network monitor | Product=Splunk Application | Company=Splunk Inc. | OriginalFileName=splunk-netmon.exe
  CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" | CurrentDirectory=C:\Windows\system32\
  User=NT AUTHORITY\SYSTEM | LogonGuid={6EDEAD03-FC1B-615B-E703-000000000000} | LogonId=0x3e7 | TerminalSessionId=0 | IntegrityLevel=System
  Hashes=MD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC
  ParentProcessGuid={6EDEAD03-FCBF-615B-AF00-00000000FB01} | ParentProcessId=416 | ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26321 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.324
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security
  Hashes=MD5=768869C0EEDA15BA9323C5E20B806F79,SHA256=55A494298F865D3E249CC89AB34B5EC3C859C53A1ACA371154A28A7740C2007B,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26320 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.324
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security
  Hashes=MD5=F66E2500F61062CD30E70C735022CDB7,SHA256=AFE7AD4DE6AD20E1845574F55ADF2AE737170DACB84A986D24C187B7C5864051,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26319 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:41.090
  SourceProcessGUID={6EDEAD03-05B0-615C-9A05-00000000FB01} | SourceProcessId=5348 | SourceThreadId=5212 | SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe
  TargetProcessGUID={6EDEAD03-FCBF-615B-AF00-00000000FB01} | TargetProcessId=416 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | GrantedAccess=0x101400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26341 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.887
  ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01} | ProcessId=4048 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=409560400A88CF055CAEA08EE2A0DDAA,SHA256=B415367EEB04DE4834D8677E26322FCE7BFB53E52C3223EFD7B169BAE3D3F778,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=23 (File Delete archived) | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=10309 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-host-340 | RuleName=- | UtcTime=2021-10-05 07:58:42.096
  ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01} | ProcessId=2020 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
  TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
  Hashes=MD5=6D6A33C5F62DB65855EAB7C531A33C04,SHA256=302A11035F56DBF55F7DE342ECB2CD48D64819F59956D41BBCE130F4771E47D9,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26340 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.746
  SourceProcessGUID={6EDEAD03-05B2-615C-9C05-00000000FB01} | SourceProcessId=4288 | SourceThreadId=6776 | SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe
  TargetProcessGUID={6EDEAD03-FCBF-615B-AF00-00000000FB01} | TargetProcessId=416 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe | GrantedAccess=0x101400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26339 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.605
  SourceProcessGUID={6EDEAD03-FCBF-615B-B300-00000000FB01} | SourceProcessId=2332 | SourceThreadId=2960 | SourceImage=C:\Windows\system32\conhost.exe
  TargetProcessGUID={6EDEAD03-05B2-615C-9C05-00000000FB01} | TargetProcessId=4288 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26338 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.605
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26337 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.605
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26336 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.605
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26335 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.605
  SourceProcessGUID={6EDEAD03-FC1D-615B-0C00-00000000FB01} | SourceProcessId=848 | SourceThreadId=4668 | SourceImage=C:\Windows\system32\svchost.exe
  TargetProcessGUID={6EDEAD03-FC2A-615B-2A00-00000000FB01} | TargetProcessId=3064 | TargetImage=C:\Windows\sysmon64.exe | GrantedAccess=0x1400
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 (Process accessed) | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=26334 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-676.attackrange.local | RuleName=- | UtcTime=2021-10-05 07:58:42.605
  SourceProcessGUID={6EDEAD03-FC1A-615B-0500-00000000FB01} | SourceProcessId=412 | SourceThreadId=528 | SourceImage=C:\Windows\system32\csrss.exe
  TargetProcessGUID={6EDEAD03-05B2-615C-9C05-00000000FB01} | TargetProcessId=4288 | TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe | GrantedAccess=0x1fffff
  CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:42.605{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05B2-615C-9C05-00000000FB01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:42.606{6EDEAD03-05B2-615C-9C05-00000000FB01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:42.590{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=768869C0EEDA15BA9323C5E20B806F79,SHA256=55A494298F865D3E249CC89AB34B5EC3C859C53A1ACA371154A28A7740C2007B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-05B3-615C-9E05-00000000FB01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-05B3-615C-9E05-00000000FB01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.918{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05B3-615C-9E05-00000000FB01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.920{6EDEAD03-05B3-615C-9E05-00000000FB01}5396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.902{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38EF2A73153633F4CF78C71788A96FE7,SHA256=2B32C4F722250F6B8111B6D0F4DF0171B6D9892A983891BC42724137F6064D79,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:43.393{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:43.112{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32646898B2F912F217E331DD3D2F818A,SHA256=156327CD477795B7C1B28EEB261CE9D8DBFA0910828ED5D347EC124F3D1DDD7C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:41.675{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50364-false10.0.1.12-8000-
23542300x800000000000000026351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.621{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE12DA5A086F5C36BEFE9E27CD35F0DD,SHA256=9E6EFBAB64FED091064668C12636680BB20D1CD0D73660869C1A6C88550BB511,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.434{6EDEAD03-05B3-615C-9D05-00000000FB01}45166748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-05B3-615C-9D05-00000000FB01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-05B3-615C-9D05-00000000FB01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.277{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05B3-615C-9D05-00000000FB01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:43.278{6EDEAD03-05B3-615C-9D05-00000000FB01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.934{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91F64EBA761925A885AD67EEC612A580,SHA256=26C565CC3867E75FC0E191D3DE25D7F025F77B28FCDCF6F8542D33F1F6479B2A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:43.410{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50087-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
10341000x800000000000000010325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05B4-615C-BE01-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-05B4-615C-BE01-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.502{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05B4-615C-BE01-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.503{49C67628-05B4-615C-BE01-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.112{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AAF9C6D16C4DAB89675F82F1AC96C85,SHA256=13FA5B3503B5E93E54D5E1F72AB865C6132281D6BFB462134C56A74EEE75FA13,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-05B4-615C-9F05-00000000FB01}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-05B4-615C-9F05-00000000FB01}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.590{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05B4-615C-9F05-00000000FB01}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.591{6EDEAD03-05B4-615C-9F05-00000000FB01}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000026362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:44.090{6EDEAD03-05B3-615C-9E05-00000000FB01}53966868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:45.934{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=182AFA5576352E45320B2473E09774CF,SHA256=1FC08396C3E024B77D5BD9254161FDEE6B0838DE3A9584EA6F2880A656AF2F17,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:44.082{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50088-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000010356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05B5-615C-C001-00000000FC01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-05B5-615C-C001-00000000FC01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.846{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05B5-615C-C001-00000000FC01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.847{49C67628-05B5-615C-C001-00000000FC01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.518{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7713DA07FD773678B2EE4F10FAD94524,SHA256=7CE7A52FCC60B1F81D68769025F3F13493E49290EF494833CFB1B85FB5AA46DB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.518{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=592B709B3A328EBD32AB3A625D33C7F9,SHA256=29932255675701864907068C8A56036E310BB029D9CBEB66C1CD0666C607452E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.346{49C67628-05B5-615C-BF01-00000000FC01}35563428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05B5-615C-BF01-00000000FC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:45.174{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10332; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:45.174; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10331; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:45.174; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10330; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:45.174; SourceProcessGUID={49C67628-FDEB-615B-0500-00000000FC01}; SourceProcessId=416; SourceThreadId=1032; SourceImage=C:\Windows\system32\csrss.exe; TargetProcessGUID={49C67628-05B5-615C-BF01-00000000FC01}; TargetProcessId=3556; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10329; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:45.174; SourceProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; SourceProcessId=1772; SourceThreadId=588; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; TargetProcessGUID={49C67628-05B5-615C-BF01-00000000FC01}; TargetProcessId=3556; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=1; Version=5; Level=4; Task=1; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10328; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:45.175; ProcessGuid={49C67628-05B5-615C-BF01-00000000FC01}; ProcessId=3556; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe; FileVersion=8.0.2; Description=Active Directory monitor; Product=splunk Application; Company=Splunk Inc.; OriginalFileName=splunk-admon.exe; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"; CurrentDirectory=C:\Windows\system32\; User=NT AUTHORITY\SYSTEM; LogonGuid={49C67628-FDEB-615B-E703-000000000000}; LogonId=0x3e7; TerminalSessionId=0; IntegrityLevel=System; Hashes=MD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165; ParentProcessGuid={49C67628-FE68-615B-9F00-00000000FC01}; ParentProcessId=1772; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10327; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:45.112; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=9D8917D22686782EEBB54F38CBCCAD3C,SHA256=4D06A680D3FEFCD26D92FCB3E424487D2C4E9CEE3B4E8BFF6BCE7685C0ABF559,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26372; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:58:45.027; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security; Hashes=MD5=00452FD330FBA53C9AFB2710A54E9459,SHA256=992C8EEB7306AF5AB49B266ED05234DB9E41C66461721C32B315CE245A3BE276,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26374; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:58:46.965; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=0B23DFE7ABC6A71DB99BEC0F1E783B56,SHA256=B37004E013CD11A6A05E9A39E4D9E29CCDCC735BFF532439CA483C0449F7F543,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10373; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.924; SourceProcessGUID={49C67628-05B6-615C-C101-00000000FC01}; SourceProcessId=2592; SourceThreadId=520; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; TargetProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; TargetProcessId=1772; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; GrantedAccess=0x101400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10372; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.924; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security; Hashes=MD5=7713DA07FD773678B2EE4F10FAD94524,SHA256=7CE7A52FCC60B1F81D68769025F3F13493E49290EF494833CFB1B85FB5AA46DB,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10371; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FE68-615B-A300-00000000FC01}; SourceProcessId=3356; SourceThreadId=3576; SourceImage=C:\Windows\system32\conhost.exe; TargetProcessGUID={49C67628-05B6-615C-C101-00000000FC01}; TargetProcessId=2592; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10370; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10369; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10368; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10367; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10366; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10365; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10364; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10363; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10362; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10361; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FDEB-615B-0500-00000000FC01}; SourceProcessId=416; SourceThreadId=432; SourceImage=C:\Windows\system32\csrss.exe; TargetProcessGUID={49C67628-05B6-615C-C101-00000000FC01}; TargetProcessId=2592; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10360; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.783; SourceProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; SourceProcessId=1772; SourceThreadId=588; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; TargetProcessGUID={49C67628-05B6-615C-C101-00000000FC01}; TargetProcessId=2592; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=1; Version=5; Level=4; Task=1; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10359; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.784; ProcessGuid={49C67628-05B6-615C-C101-00000000FC01}; ProcessId=2592; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; FileVersion=-; Description=-; Product=-; Company=-; OriginalFileName=-; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"; CurrentDirectory=C:\Windows\system32\; User=NT AUTHORITY\SYSTEM; LogonGuid={49C67628-FDEB-615B-E703-000000000000}; LogonId=0x3e7; TerminalSessionId=0; IntegrityLevel=System; Hashes=MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C; ParentProcessGuid={49C67628-FE68-615B-9F00-00000000FC01}; ParentProcessId=1772; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10358; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:46.221; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=76C32961E4CE53AF211FCBD56FA6422E,SHA256=101AEEB2154965C3E11F8BAEF0CADFFD679C36254F3FEB903810A31A7440FAC8,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=26375; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-dc-676.attackrange.local; RuleName=-; UtcTime=2021-10-05 07:58:47.980; ProcessGuid={6EDEAD03-FCCC-615B-E600-00000000FB01}; ProcessId=4048; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=694296F4742A4963CF60BB246615A66B,SHA256=735EBF469922C0E7A13F73B98FE183A2E678491EB9C60C51D8F735935E4EC937,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10374; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:47.377; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=1B830AFA92E9C2F6E248E1D503C72F2C,SHA256=42AC9A2309355B932F99EC943AFD34AC4D2C1D6FC1E32655CD1F00B574C6320F,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10402; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FE68-615B-A300-00000000FC01}; SourceProcessId=3356; SourceThreadId=3576; SourceImage=C:\Windows\system32\conhost.exe; TargetProcessGUID={49C67628-05B8-615C-C301-00000000FC01}; TargetProcessId=172; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10401; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10400; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10399; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10398; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10397; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10396; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10395; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10394; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10393; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10392; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FDEB-615B-0500-00000000FC01}; SourceProcessId=416; SourceThreadId=432; SourceImage=C:\Windows\system32\csrss.exe; TargetProcessGUID={49C67628-05B8-615C-C301-00000000FC01}; TargetProcessId=172; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10391; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.971; SourceProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; SourceProcessId=1772; SourceThreadId=588; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; TargetProcessGUID={49C67628-05B8-615C-C301-00000000FC01}; TargetProcessId=172; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=1; Version=5; Level=4; Task=1; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10390; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.972; ProcessGuid={49C67628-05B8-615C-C301-00000000FC01}; ProcessId=172; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe; FileVersion=8.0.2; Description=Registry monitor; Product=splunk Application; Company=Splunk Inc.; OriginalFileName=splunk-regmon.exe; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"; CurrentDirectory=C:\Windows\system32\; User=NT AUTHORITY\SYSTEM; LogonGuid={49C67628-FDEB-615B-E703-000000000000}; LogonId=0x3e7; TerminalSessionId=0; IntegrityLevel=System; Hashes=MD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25; ParentProcessGuid={49C67628-FE68-615B-9F00-00000000FC01}; ParentProcessId=1772; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10389; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.471; SourceProcessGUID={49C67628-05B8-615C-C201-00000000FC01}; SourceProcessId=696; SourceThreadId=2880; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; TargetProcessGUID={49C67628-FE68-615B-9F00-00000000FC01}; TargetProcessId=1772; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe; GrantedAccess=0x101400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=23; Version=5; Level=4; Task=23; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10388; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.393; ProcessGuid={49C67628-FE75-615B-DA00-00000000FC01}; ProcessId=2020; User=NT AUTHORITY\SYSTEM; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational; Hashes=MD5=2EC27B6833E7D1AF9309013B6E01109A,SHA256=5D2442E74C09C1C29551B31D2E6BFC530CB1BE379FFC1C09386DAFE51DFC2194,IMPHASH=00000000000000000000000000000000; IsExecutable=false; Archived=true
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10387; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.299; SourceProcessGUID={49C67628-FE68-615B-A300-00000000FC01}; SourceProcessId=3356; SourceThreadId=3576; SourceImage=C:\Windows\system32\conhost.exe; TargetProcessGUID={49C67628-05B8-615C-C201-00000000FC01}; TargetProcessId=696; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe; GrantedAccess=0x1fffff; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10386; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.299; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10385; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.299; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10384; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.299; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10383; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.299; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventID=10; Version=3; Level=4; Task=10; Opcode=0; Keywords=0x8000000000000000; EventRecordID=10382; Channel=Microsoft-Windows-Sysmon/Operational; Computer=win-host-340; RuleName=-; UtcTime=2021-10-05 07:58:48.299; SourceProcessGUID={49C67628-FDEB-615B-0C00-00000000FC01}; SourceProcessId=728; SourceThreadId=864; SourceImage=C:\Windows\system32\svchost.exe; TargetProcessGUID={49C67628-FDEC-615B-2200-00000000FC01}; TargetProcessId=1956; TargetImage=C:\Windows\sysmon64.exe; GrantedAccess=0x1400; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.299{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.299{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.299{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.299{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.299{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-05B8-615C-C201-00000000FC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.299{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05B8-615C-C201-00000000FC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:48.300{49C67628-05B8-615C-C201-00000000FC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000010418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05B9-615C-C401-00000000FC01}984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-05B9-615C-C401-00000000FC01}984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.471{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05B9-615C-C401-00000000FC01}984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.475{49C67628-05B9-615C-C401-00000000FC01}984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.440{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3BAFEBD8075DC99EC3E6F73625A409E,SHA256=F78665DC755C42A36D79A4661FDF73ABB2F22666394311BA52C694C421FB81E5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:49.215{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=422F822426B9238AF541B97BEBAD98FC,SHA256=E7666ADB763E0CE7E7CDBA6F64B08456DEFE2EC80FAC579EB811C78E0E05EC46,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.330{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F511DD59DED3C607F9CD07C0364DF777,SHA256=15A403008562B7D59C110D9B5DF4307E6629F15D753EB894F8E9934707B76ACB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.190{49C67628-05B8-615C-C301-00000000FC01}1723552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000026376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:46.848{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50365-false10.0.1.12-8000-
354300x800000000000000010421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:49.098{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50089-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:50.658{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58328E14A26784918C64F5F831B2EDEE,SHA256=A47003EBE3895C25B7D5D5964A1637937760FF835F53C2527E1C344828C2CF37,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:50.512{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=258ECA6FDD3A25E89ED409314BAD5B29,SHA256=8A5AF690B03C1A88CCFEF4A02FA3AA2C9E674397EAE94F6DB88ACA38295DEC92,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:50.277{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F7434517C860B27E38F5A338AC88AA1,SHA256=E6BBCAF9FABB8B7A616E80EA3C83479A190E2F2C0AF546A842A07285EAB8F741,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:50.471{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9F88514AAFC858ADBA1246868CB37CB3,SHA256=FBF21E9914F1EB52EA86ED52CCD74ECA50F50C084D04BCFFEAD4F870E749D950,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:51.893{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FC138A6D5FE6B9B328DC0C7FCC9456F,SHA256=CDAE67C23F2D94B3126772B95288444E8AF386187E4D5F046281B401E2F97BBF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:51.277{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=222F2DC4711BBB5EB20FC42D7797641A,SHA256=3C57F21A497DEE611DF25975B5D24D8547DF5FC9968E77324FB71F55C9DABA9B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:52.309{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3825A6ED5B9EF13AF0817DCB817DFE89,SHA256=9C3AFE582D51E0ED3BBB189AADA0BD238B4CE4DADB54DB2BA0FD9196713E53BF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:53.324{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC00A6751565A2FA304CDDC93AD11221,SHA256=4A6B7484E382BEEF55F7EF190A1E0CADC37326F90ED3C83654A20EE123B1DE29,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:53.002{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=467A662204FEBDEE720D952474921F8E,SHA256=6129B6D57713A7CA4837ABA4ACD2D0C3E4E20CD25018FA605CFB0BD56AFA2C17,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:54.174{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5DC6A05837AF2E85021EE2656A6FB3B,SHA256=D7098980A1E90EDCD10BC4ACE2EB490CC6C0D75A5062EA957216B2F0105E5040,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:54.324{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69DEAB05EDCD711993529BC6F6B1D4E4,SHA256=E37F486C8021D51AE676569947C0354B03C814365A4C33AB91240E3862287950,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:58:55.190{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23D3AB6474C3B380F6E88B49C5E403CD,SHA256=76051118122F6C5C63DBF72B0844D68702D7C69C1E4C0776EB9905BA61333FA6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:55.356{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B015C6F42248EF85FEE40C5EBA840F44,SHA256=6DC060635433391BDDCCD74A9E902207F43A82E74A67CBA107CA17AF2DFDDF9E,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:58:52.863{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50366-false10.0.1.12-8000-
23542300x800000000000000026429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:24.389{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BB822924DDA5112BA5B2C57D9A4D631,SHA256=C7CF1506B1A883D4D13D951B8F978096A4EB71B4F219D27359127C33E6C8F9E9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:25.404{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CA396CE1424C9867CD0CEC7FD5AE32B,SHA256=E48354A9427612DF5E7B23AE06D5D40796CC665F38159530149AEE101AE4DA54,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:25.319{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BDDC39D09979B42FD0D633E42E74FBF,SHA256=8EFAF5F3CD2E54F3C776B4FA49C5AF54B063F8A2D364BA4F6EEEA552FD09D924,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:23.131{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50095-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000026431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:26.420{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F893DC2DA75EB96FAC9D6C31EB36EF28,SHA256=A45336D4DE81828BDF800063774FDFFC9E804324880C69F096A8312461B4B246,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:26.319{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E463824F9ABD9C5C789318106E4A99D,SHA256=14C144A6CECEAE358C8DA2A4F3F8525B72A85E5C5074E63F2315F3C59019F1C7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:27.319{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A7EF7B809A884AF66381565BAF5244C,SHA256=E171C8EE2A141C4A95EB536B596B1DBE4758C479B2B1F5DB8C9801D9174B17C9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:27.420{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D70EE45B1E0505F7423BAA512E99B3F5,SHA256=DA36B0106E0957B4A8956A1818B94BA27CCD6EA6BD66B181EDAD494B989079D4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:28.319{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=210F4C9BD892E7C964C08E3CDC11CF42,SHA256=C718B19875B70AB1C7654311C11D3420BE82AADD5054152FE971BFD5E6ECD098,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:28.420{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E67CF440473894F52CA40EE9660D909,SHA256=DDCCF6E9AE50844F3EB108C2E1E85D890B46AD38AF2623F3B5316AE82D56B200,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:25.849{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50373-false10.0.1.12-8000-
354300x800000000000000010467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:28.149{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50096-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:29.537{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F9FCEFBA273BC13F2C10D7094265BAD,SHA256=79492EF0C687EE57751A6A60FCB7808FADC8380A463A0F8A7AC5B07FB6C7C68B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:29.436{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9309C754F2B4E464A36E606A17D9EA89,SHA256=AF897D3269FD1A6413A18280394CB141ECF6666246AE2B76CEC033850B4C2A82,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:30.772{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5FE637CB5117FB62776858D8CC59EF7,SHA256=90FD9E41122D2E4BB9F8DC00EAF9E2465540932746E30BCE651A58E97185707E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:30.451{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2017E6B47B740A90D46BC956570C1B42,SHA256=873AA2BDB0A6709E8102715DC64B317F7C6F5302DECAF023C25FA33029949E6F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:31.451{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABA1003FD40D94F70C2AACD15A635A56,SHA256=23EF764D6FF46004E58465880C4679F918F9A66CFF489613052D0A47D50F4068,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:32.467{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=617C6DA614A6E192C930076252DFA2FD,SHA256=3137372421F912B01CB279619F30F1CBC2780C9D5DB8625A1D12AB5BA72C3479,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:32.303{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=53F2237C7F670CAF720C23998DAD948C,SHA256=143AD0A5D7994E798F79D2A7BF4023E9D01C5AAA282EDF0C095D43A8ADC7D40A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:32.006{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78BCDF466F46E7C46C79C6802D18DDC7,SHA256=9A8445495F61C1AF13FF7D417AD624C7E326CDA1D091BE1F3F729A1EF4C49795,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:33.748{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:41.612{6EDEAD03-05ED-615C-A205-00000000FB01}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000026502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:38.680{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50376-false10.0.1.12-8089-
23542300x800000000000000026501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:41.283{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=914DCB7A6BDCB0773BCAD962A566A433,SHA256=83AE7336954B802F9B0C5C8B352E6583718F9F8A3D918C265B22E48CE33E6114,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:41.283{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BDC619EFD3F933FA48459C5B32866B21,SHA256=A2BA721B2F0F16C130CFBA55CEE801C41A2D31B55499C1C43E001AB29486C200,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:41.080{6EDEAD03-05EC-615C-A105-00000000FB01}71446928C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:41.017{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=001736B83B144B7390172A02AFD1ABAB,SHA256=1100D046566635A19CA47FCBEBDFEC42330C1C8867390C326A716C5D35D836AD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:42.351{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E320F0B9B271EF82DB7E91A706CF6484,SHA256=6FD7A44E2BA17DE89F11176E69F16A8E50186208FDACB535A4465C79BD542FE9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.626{6EDEAD03-05EE-615C-A305-00000000FB01}39567024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.626{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=914DCB7A6BDCB0773BCAD962A566A433,SHA256=83AE7336954B802F9B0C5C8B352E6583718F9F8A3D918C265B22E48CE33E6114,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-05EE-615C-A305-00000000FB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-05EE-615C-A305-00000000FB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.439{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05EE-615C-A305-00000000FB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.440{6EDEAD03-05EE-615C-A305-00000000FB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:42.033{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6099EEF5C4DB25809670EB947E2D26FE,SHA256=D514A801598488D23F463CCAA6B028E4A9D7B0CEACA8AAC7E5FDB29A40E3A949,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:43.414{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:43.351{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DDBDB1F000612465A2A70FE70E5DC86,SHA256=E6EEFB22FA5F3483326E6C74E446FD2AAF6F91641AEFF1AAF4B67567A8D789D9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-05EF-615C-A505-00000000FB01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-05EF-615C-A505-00000000FB01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05EF-615C-A505-00000000FB01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.783{6EDEAD03-05EF-615C-A505-00000000FB01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000026531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.267{6EDEAD03-05EF-615C-A405-00000000FB01}47003220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-05EF-615C-A405-00000000FB01}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-05EF-615C-A405-00000000FB01}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:43.111{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-05EF-615C-A405-00000000FB01}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05F1-615C-C601-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-05F1-615C-C601-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.179{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05F1-615C-C601-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.180{49C67628-05F1-615C-C601-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.867{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3D08D15A309D7A4CB6FD9542884E18CC,SHA256=068AB73DCE9B27B100AEBC1B9C1FE3AE2A4F4C4A30B4B483AB0A10B86E73E730,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.851{49C67628-05F2-615C-C801-00000000FC01}16921264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05F2-615C-C801-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-05F2-615C-C801-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.681{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05F2-615C-C801-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.682{49C67628-05F2-615C-C801-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000010531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:45.243{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50100-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:46.664{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46135D75415169E8B0919FF1F3EDC0B8,SHA256=108FA214775284A42A0D6D244FD507E4409E2C3C25BD8454BE2E607ADB83C9E5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:46.048{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D6696A1EDEBC31F57A10D81A8E0D38E,SHA256=096C8F82B7CB3E02B953B1644FDFC9D2D6B3D8A1B0D85AC18E165F20E6900734,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:47.726{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC0AEA50E33C8BFED1AF343A4EEF1CA6,SHA256=CE72B040253B5BE4D4F7FA38A9AF3C5DCFC8F8A71D3166D2AC012F76D5EADE97,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:47.048{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4971D82C4BA92FEF800EF0BBEEABD069,SHA256=0A4FA755D2FDEC6EB31A58C316B7CEDDF329CD88820A7C1939630C485921A762,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05F4-615C-CA01-00000000FC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-05F4-615C-CA01-00000000FC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.976{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05F4-615C-CA01-00000000FC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.977{49C67628-05F4-615C-CA01-00000000FC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.961{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4E62DF513CD610878AB964C6CA30EE7,SHA256=C3C4549738485DA2FE9408E185A03C215F6EBAD2755B4B89B0C4E7FA04B4925E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.461{49C67628-05F4-615C-C901-00000000FC01}2312344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05F4-615C-C901-00000000FC01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-05F4-615C-C901-00000000FC01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.304{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-05F4-615C-C901-00000000FC01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:48.305{49C67628-05F4-615C-C901-00000000FC01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:48.064{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE6DF81AF420E1A3208027125AC78EA4,SHA256=4DA6E999C8C226AACED118F231BF45683F95FE8E0009F90959D68D00366FBD81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:59:49.064{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0560998B9603015DF685FAAFE9452B10,SHA256=E3AE78A2667DD4158BDB3989111756FC60AE8F9DD546F717412579B1E7A1CCFB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-05F5-615C-CB01-00000000FC01}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:59:49.648{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-05F5-615C-CB01-00000000FC01}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
23542300x800000000000000010623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:17.552{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7292A7B2B51D21774A8EA60EFC58CBC8,SHA256=458711C8E9B149F8D1D6AA6F7574313DDB1B5545948676D1832334AF3C4AC3F8,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:16.024{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50383-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
354300x800000000000000026595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:16.024{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50383-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap
23542300x800000000000000026594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:17.424{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B4F5D83438573A330D6B241A656AA2D,SHA256=FB3FFDB3A0B215ADF31DBF019C9697CB4D054B0340129AEBDB428FA2C0E14B38,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:17.424{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0DFA32FFCB0FA92C0F8AA5CB1DFD3217,SHA256=DA04A2616C4B3E6C721FC7FBCFE27FD61EB2A6F6EBD433CA6684135B87313899,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:18.879{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99DF8002962F5702F2038BDDDB28825D,SHA256=CA4A1FCC7DFAF9FFDE8EB1F982973058E1524BDF752ABE41EEB619F73E154ABF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:18.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56293828CCAF934F2BD3443EFCDAD98F,SHA256=6A25DDEB77F5281A2A678FA44108EE16D89C733F1B0E793390885C9A4DB726C4,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:16.618{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50384-false10.0.1.12-8000-
23542300x800000000000000010625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:19.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BD6E4E0F26ED6337D50794941CBA59F,SHA256=F2B1E9523B957C7C12B34753AA5B92E0AB68D6C02C2A4B6E15E2B0385C4EA8DD,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:19.184{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50106-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:20.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=907AB30047B3CBBF6A1F129C85229533,SHA256=AE079F8B04F963E428CC1C94D61E853DC0CA0BB98A02C8D55EEBDAA9A580E2BB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:20.114{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56F495E0D8ABBA9545EAD2B250962945,SHA256=68730F3E1FB251C8DCD0AD6D258ACAEC8B7A45316E8AC218C13170D8CAA1CB92,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:21.573{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B341ADC78F5E149DE8054E97BEA0891,SHA256=2EE9172B8CA1508CFDAA5E0366834FAC356E5854ADF395B0EDDF64A57D6137FE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:21.254{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46397C26F9A3759E7ABE2DF8CA1DFF85,SHA256=884825D0E4B469F57E44195B51E5452A09F6CE10C4971D304CB4E7200C6E083E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:22.573{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D7131A212F322A4468B98E3902EFD9F,SHA256=E441751F488217FCDB1BFA2FC5EE1D920C69C228D8E4BA1381A9A327371E9199,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:22.254{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=511085FF15E32F0CB1DBCB52995DC7AB,SHA256=6A2BA2EC9A0E6DA7C6B12FA20553D6BAB42FA7D88314B5CFFD9AE7382E5DA0E5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:23.588{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC121C01DC920EDDF7E4ABECEAECF7FE,SHA256=16E300720A3053702E352C35DA8117ADB3D327ACED2BE83984ECAD0DBB160D26,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:21.667{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50385-false10.0.1.12-8000-
23542300x800000000000000026603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:23.270{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47E05F58EF1ECCDBC1E675D8FF190B49,SHA256=F5730976988F8FA02751A7AB05EA88FE9A82AEB9849289503162350307C3C7D3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:24.588{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47DDF5F57A1281CDE98E5180F28A72A1,SHA256=8BA7B4E52C6C84A3BA9FE67AD0337A8A90283F6FF531366E778890063DBF80D2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:24.270{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0ABBD2E1C7A9159F198607649D5ADBE3,SHA256=158D1E5204645C5C5A55E2D6A99BEAB113296A30C138C2FA21CD3A2A00933282,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:25.604{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4277EBF13763C152626E5BCD2B85CD65,SHA256=21BD1AF11D9FA4FD0BE741179C5E57AAA58468BC45BBCB5A78FCFD67D3068185,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:25.301{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58777A293EDD0E0B1813C3CA5B2D0098,SHA256=56BFF301F87866532B1C3C0F7E0ADD47B6615C9E9DABD20780013BCDB431BEEE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:25.154{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-033MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:26.618{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BEBD1704822FB80EED27A5BEEC155D5,SHA256=D47C381081A1E7503D15F9C1553552B6B1338C76374CC75905DC2A7AC976FC9E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:26.317{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CF78C08AE26DD30E8E41B755BB04731,SHA256=1E4E28F5554F04FDA04A9799B3DE313A45C8DCA27B187CC2512CA8EAC794DE68,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:26.167{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-034MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:25.138{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50107-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:27.620{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A49EEBF2AE6769AB22C60C91A9B02775,SHA256=144C8081F11A076F3CC0459FEE6C49AFF7BCCCAE33B8CF5B5CB3B7CCCF93DBEF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:27.332{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=828B9A447888EC1CF4DA5945BBDE95A6,SHA256=BB0E3FD17450855112D3113E59672E4B519D79411DD6EE12024D131B9D82B91D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:28.620{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60FC2D5804E729E7F864700F92D590D1,SHA256=BFD9B40621403E967B593A30FFD99A76D860F3C0639DF1F50ADBE986A2EF6279,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:26.715{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50386-false10.0.1.12-8000-
23542300x800000000000000026609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:28.364{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=082D01AC17402F5B22FDA0544A8B6EA0,SHA256=F5D251EF29DA07B921BBD8DCED168D60F3E309827E73674AA0F4F7C104FF7DEF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:29.636{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11FBFF14D52610D71CF7F9383D335D02,SHA256=EFCE13EB641F341F7A3895CAE2341F2329FAD2A93F47ADB197996548A094A968,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:29.411{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59FD2692A564930629236A726D1AD956,SHA256=889AD99BA05CED4E9FDEC7F7D5232A3B06B8C5248F32FB8C28B64B90226AD4B6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:30.636{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84823DE8FA0438F16233C2B252880C76,SHA256=5F257E98953B3DB02FBCBBF299EC674249E8EEB0DA2B61D3D4D4E2BFD6D8A51F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:30.426{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F7E74F2967874E60CC8F3EA7D35B07A,SHA256=0F2B537B1449D8C8FE48B475326731303BDDE38EC248115BE6B152F5B35FD03F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:31.636{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08C1E0A8DD8AE8FFE58933379F3B7101,SHA256=3C1988283B6DEBE44961BAED7B4F352A122843ED4BDF20B411A28DFC5B344E55,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:31.661{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D44EF6BD2635EA4CB26DAB184C3FB0EA,SHA256=238F9AACFBBFC22F1B0830776CC08D78AF64D0C594167BCFE77415BD7423797F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:32.895{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32C2B9F56B5CE7DE962040F978840D36,SHA256=5E9DE0A3EB6AE0A04952BB7CD16A54C07682DDF48DB994433C4974322E1DC2FD,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:30.216{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50108-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:32.636{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BED11C546279D9800DEBDDEA6E8E060,SHA256=AE34654B59F5C41EF86901F86FDA263551BFBB388055C9538EA4523548A59533,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:32.308{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=11761103FEA3DC3660DB8851491E1E15,SHA256=FDA043528029D2DA72126FC744F3AEE071609F568DBB9BD6CE238BD80314EECE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:33.926{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7875F8339850859B657F8DA835DBD4C8,SHA256=9902740E04A0FF2B0ECE81584AF106F5F4C631D528863B83EABA5C944777857B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:33.651{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EED1A185259AFE754845147278EB2BC6,SHA256=D8BAFCB6BFF767651940AA6D12726AE0BB255EE4DF70DDB594128755B33D9AD5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:34.989{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79004C74C3C946E16989D45115C9842D,SHA256=2806904E37189DACA6D7C4365FBA95B367D8BCE1D50E1B71095F83B9691CB9DF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:34.651{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16F8591898BEEB4A8A888D992D8E1085,SHA256=E84AB25E2CE5D1451DDCA01DB1F43906723957B53FAE00C0AA1857CD6132ABC4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:35.652{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9BD38498C7C243C020F48DDA527F603,SHA256=B797DB745C23ADBDE3405181F5EDA0CC3F9EA23AC390D3D92A9A8BE5B4794279,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:35.041{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50112-false169.254.169.254instance-data.eu-central-1.compute.internal80http
354300x800000000000000010651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:34.965{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50111-false169.254.169.254instance-data.eu-central-1.compute.internal80http
354300x800000000000000010650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:34.921{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50110-false169.254.169.254instance-data.eu-central-1.compute.internal80http
354300x800000000000000010649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:34.920{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50109-false169.254.169.254instance-data.eu-central-1.compute.internal80http
23542300x800000000000000010648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:36.887{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C058F4F2C6424212B54AF39ABDEA47D2,SHA256=0B81FB26B841FFBE2C762654770D4B0C89A427FBCD47FEE5969F9644D759D7E4,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:32.698{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50387-false10.0.1.12-8000-
23542300x800000000000000026617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:36.004{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D51614CF1A2EC63B6E814EA9477C2B5E,SHA256=8C8FB5B115765619840E62AB64D7566393201F77C7D2E35C7A214E4A0C3A52FF,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:35.232{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50113-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000026619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:37.004{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F7B90C5F776B5551661F54762D85F38,SHA256=427D1DAD2D563350F7548198DA8BE8F40DE83C6D9AAF345A80E780AFDCC217BD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:38.090{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CD341687D99F89645A07992EEFEFA16,SHA256=4553E8AC273FFC813E81F871B1576EFCD649B9617BE950D8421B234F32A18661,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:38.004{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=806CEA492F4CCB8EBD309E14AC804DC7,SHA256=B228D8EDF4D8E20BEB1348BC4359A39953EAE2C4F2FFC4840C9E6569D2DDEAFD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:39.113{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:39.019{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA177857EBB70D1195BE548EF04AFB5C,SHA256=143A18ECAF70DBE516A2A7BA8F500F5B0DD2B7ADA219022E957E8F4A79EBFE7F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:39.244{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E82C6A2FA36B77BD43CD2A57AA50A846,SHA256=0FFC39A6B8ED2464141C7CA63666FA8BBCAB5A5C857EB7A8DAF268E993285758,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:40.369{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC193260A2EC8899F49BABD6829E1CE8,SHA256=11D7F8725F04C0E7F006B38453B3E19DB07B5D9D0EE401B71F6322EB4C3FEC52,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0628-615C-A805-00000000FB01}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0628-615C-A805-00000000FB01}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.941{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0628-615C-A805-00000000FB01}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.942{6EDEAD03-0628-615C-A805-00000000FB01}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000026632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0628-615C-A705-00000000FB01}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0628-615C-A705-00000000FB01}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.269{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0628-615C-A705-00000000FB01}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.270{6EDEAD03-0628-615C-A705-00000000FB01}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000026624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:37.729{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50388-false10.0.1.12-8000-
23542300x800000000000000026623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:40.019{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D97647B86081A3F7FF9322728F3C5BEE,SHA256=D8956B4C1F871F5A181E80806418F42434D303A605D0DD9480A09AAE81B99801,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:41.509{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD104D6580D575C30E176EA60F25BCDF,SHA256=9950D364A85476F67F75704CE31F087023280DF35EFC3ACF214148F6D0DC4308,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0629-615C-A905-00000000FB01}5472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0629-615C-A905-00000000FB01}5472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.613{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0629-615C-A905-00000000FB01}5472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.614{6EDEAD03-0629-615C-A905-00000000FB01}5472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.285{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE9A60F8889DB4BE6BDA6217433A357A,SHA256=B80ADC4E46FD9D99F08E8D4758A0B281A1E330DAAE50E1E7F077DCEA0EBABBCD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.285{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B4F5D83438573A330D6B241A656AA2D,SHA256=FB3FFDB3A0B215ADF31DBF019C9697CB4D054B0340129AEBDB428FA2C0E14B38,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.082{6EDEAD03-0628-615C-A805-00000000FB01}58605932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000026642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:38.697{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50389-false10.0.1.12-8089-
23542300x800000000000000026641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:41.051{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=670E9995E65137A5EFD2E08CF071641E,SHA256=299400C520325D68565B34E297C8B1368288FFC9DA677D27019480251B8163AC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:42.650{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BAF50F3D5CEEA341A5A4579F484D846,SHA256=9E4A354107B4FC655CD75479BAFD82767E88DDE2676DE58BA212A67FE7A2EE37,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.629{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE9A60F8889DB4BE6BDA6217433A357A,SHA256=B80ADC4E46FD9D99F08E8D4758A0B281A1E330DAAE50E1E7F077DCEA0EBABBCD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.629{6EDEAD03-062A-615C-AA05-00000000FB01}42044788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.441{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-062A-615C-AA05-00000000FB01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.441{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.441{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.441{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:44.509{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-062C-615C-CC01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:44.509{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-062C-615C-CC01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:44.510{49C67628-062C-615C-CC01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=543D74377A9FF2318FF6EF7E491483FE,SHA256=890DC1C57D152CCAE5185761DCA38BA6C1DDC0954D839CBE67C906E3C2F3968A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-062D-615C-CE01-00000000FC01}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-062D-615C-CE01-00000000FC01}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.697{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-062D-615C-CE01-00000000FC01}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.698{49C67628-062D-615C-CE01-00000000FC01}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:45.441{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBF9FF93B5B44D939F89E8B2DD3C16EE,SHA256=509B671984B9ED3D405F51BC10194F368C19EE9A4D1F72A52E7E01596F36A75C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:42.838{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50390-false10.0.1.12-8000-
23542300x800000000000000026694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:45.082{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=247AD13E80C94487DF9E065DD9C53585,SHA256=E1B8DE8EA852EE878749D8CC39041C5BC621D2D6020E8057BF4B5B4679B2165C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.541{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B1D21A19D7291558BCD0E8583C89D73,SHA256=BB62C6326F3CA4ED66E1E42CD0A695F7D183AB166A69D9AE4F384854F210D7B3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.541{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=40440A3864EEE2D06FC98BEF0F7A18B3,SHA256=8B22E5996692F92C257CFAAADA9466ABC55FCE9EA2ACEC4382D978E0901002F5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.291{49C67628-062D-615C-CD01-00000000FC01}2848172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000010689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:43.449{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50115-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
10341000x800000000000000010688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-062D-615C-CD01-00000000FC01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:45.072{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-062D-615C-CD01-00000000FC01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:48.291{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:48.291{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0630-615C-D001-00000000FC01}3852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:48.291{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0630-615C-D001-00000000FC01}3852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:48.291{49C67628-0630-615C-D001-00000000FC01}3852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.978{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C383F3F8CE487E433F96B1F16C75AB2C,SHA256=BA9E345CE85685F4B87E8FA3A516DD7CC70057BFA566CD030D20E78D2D38074C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:49.207{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC1FD8FA1725BAEC7178C767A4355603,SHA256=3C93258CC8B6B6346264F4DB247FC2122FE39020F40A0C74E488C2F9FCCE3DCD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0631-615C-D201-00000000FC01}3140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0631-615C-D201-00000000FC01}3140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0631-615C-D201-00000000FC01}3140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.635{49C67628-0631-615C-D201-00000000FC01}3140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.291{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE16AE65FC2C946853F09F782755AD1C,SHA256=642C7DCCE999386DE10C474F6C667BA9B3203039C03FF441FDB9FE81ADAC7952,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:47.167{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50116-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000010752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:49.134{49C67628-0630-615C-D101-00000000FC01}6081052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000010770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:50.994{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09857E35FAEC9A5A0AAF72CC26DBE815,SHA256=2BD3409A9E718ADBD2C6240BAD90ED17DEB1208648F3B2BFA255288B7D7CA5BD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:50.520{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=489857D803135B35DEBC1B362ACA3BF6,SHA256=08F1DDB8CDCE9526979F9B38B989681734AC3ED81CF2BE502F1AA91C3CA4EE11,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:50.223{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EE254C2ECC56EBC0C2B723D34C1258D,SHA256=EB4D98FFE5673B5A37F92F821BBA0119A6300515CC767E43DCBD6A4FDDD3E07B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:50.650{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9A3A7DC6930C4669C75A79680096C6D5,SHA256=5CADB9FCFB19973A17A6AA56D151A170705C86FFF58AFE340B6F0904EEE1080A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:48.729{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50391-false10.0.1.12-8000-
23542300x800000000000000026703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:51.238{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43D1867A4D776D3F07A7C3FB9BC675F2,SHA256=F3A2921EBE1134A21088A13788D0F34922FAC23084B6C310F4B88238210306E4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:52.238{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E3200EC5C5F94EAEF17957AE2ED093E,SHA256=F0E88A2BFCD444FC1A61F5240A0D4ECBB8E3E455C5A090B430D7B8D0E936A641,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:52.119{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=353C93988B548BC394A09540F91FF47D,SHA256=E143690E77EC785D336A4329199CB03BA24878E9D95361F1D0275B2BC58A559E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:53.254{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DD3BBE156ECF2B68A428E57F8A6571C,SHA256=3534FB0C6AED4A020753526DFD29407F53B34AED958AF7B0EC0D7212E598080B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:53.213{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C456F831D0CB2FAA35DD2628C246838B,SHA256=27C10B12455C7C5B9CFD3803AB3869E926B9A53C4C3EFED980CF9845FDAC1DFF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:54.384{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C2ABD72B3983749746BB48C11FBFAD8,SHA256=922A2133A69309F75D0C5B572EE08C1C1989EB82662EE9E7E35A3ED3B944F501,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:52.245{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50117-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000026707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:54.270{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F2CDBB0FEA760DB670D87D5D951B537,SHA256=6729C77EA287FE69FE53A6E9F0D54B4F73C3D17CD49E89028D210604DCABCF9A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:55.384{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=652015A9496D7E3D20A38842C1771713,SHA256=7A8E5EE05C42815CF0ADF077F10ABF9B3A9F4D336D61169F7AB7F47EDB15DBF8,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:53.729{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50392-false10.0.1.12-8000-
23542300x800000000000000026708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:55.285{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4342D200FDAC2DDEE95A678783B58F87,SHA256=26D5F1DAC0CC33905DE37E7CB9F6026D94C4B378EC37DE77871368A1EA56B893,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:56.619{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=302F65CB4AD02C95D58C5D70305E1436,SHA256=40CE020EAD2A46A9D3F0D230988228C896B0E5331293F3F7C2B6121F8D5FA9D4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:56.301{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E71673E0AB7CA0D02AC26ADDB47F9764,SHA256=34B0C2AB08C4242DBD18CD1B587BBE62187D45E708472261A50BF9F730129262,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:00:57.806{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=303CAA665E7F26FBB0CAEFE0B9BDE18E,SHA256=74A4067394D6D812D7C142FD6F1D8B3827EA1DBDE2B8CDD3420FD100E19C3E01,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:00:57.348{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDB1BEE3BB68BA5BCF4D2ACEF52FE3BE,SHA256=37AD733D16325BC6747E03037F7BD3CC2E6B71001ACFE08EE78A7D71F8088C11,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:28.960{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F29DF284FCFFFCFAE892614153C6C36,SHA256=72BFC9A5CEAF29EA358159F47B2845C39D66C8DF7854DF7622AD0653130B2C13,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:28.522{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2726F93436E4BED0DF528CA13A30CF6E,SHA256=09A22C0E8DAE2F3838C647E9FD58D6145F6594E521CA7E465414207C5BD2ECE8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:29.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55A2502A42D70C661DBF89AF08CE4903,SHA256=EA37F09DE549DF11FEAA4C9491D0018D56FE8DA0B2B3C6492DB6F9F77E7ADF2F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:29.538{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1313DA46B59EF6F7D3B9B379EE8324B2,SHA256=BD385F3F1BC1001571C2ADA689514D15A3915A1217A3E6B08414EA1FCC3C3503,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:30.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B7826B9754E28C3F38B0EA1C084005C,SHA256=20CBFBD660DBDCF00D4EFAFA9F2E9688F57F48732BED28E69B343C37E3426B3A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:30.601{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4BBB5C85C526AC475FF374193A9E77A,SHA256=7AF960DDB49DD2FBC300ABC9824170821A9C2F981870BA76BCFDF09FF32AFF90,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:27.762{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50399-false10.0.1.12-8000-
23542300x800000000000000010818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:31.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9402ACC24B0BECF0E67D95DCDC015BA,SHA256=70453D60C709D7A694B0966ABDA9F66B46A89937AE9B119B232F6E3F13BC8A68,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:31.679{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC1EC6064446DE9F2138108C5F024534,SHA256=09630D5859E06DAB52B1172D776D37BC6A2417870C742EB7641EB73BC1468012,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:32.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF0AA3272793CD6DE2B58536647EA87B,SHA256=4E603DEC8FEBA092B9FF7C5CAC1BAD3CE3DB8CC47601DD2159C28205F79D0B39,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:32.741{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=436A48E0A35564D8596DE3A8CB7384CF,SHA256=F67DF783D0BC932DE4A564D15AF172F2A324D6E6F92E38C8C326FDC416DB12B1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:32.319{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=648C371231276C2632B2A62794FB1C44,SHA256=87B644CECDD18DC7B36BFF5419CCCBBCC691FA31A233F85AD0716777F8F0A5FF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:33.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CEDE5E70E6502895061958481920F3B,SHA256=A566ECF5464FE54833EBCDDCC35C2D8F2D769B5146AD738EA63CC85A69EE82F4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:33.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D736FD485F5A3132396BBBB790818D70,SHA256=ECB3D7E1C6560658601C9467B382D8682C26EE1373C279527FCF9A84976F3163,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:30.243{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50124-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:34.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60844630F162551C21D46741588EA6FA,SHA256=092752B7FEE3428EBFC1A4268C773D4190F892BF0ECBE7C2D46FD1DFC16CDC34,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:34.757{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000010824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:35.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D51C0922EEBC19D40668661571C3213,SHA256=DE4D0987A3D601F07F08736CCEC20DA193B5168B9210F664B9230B7FD9BB58D2,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:33.762{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50400-false10.0.1.12-8000-
23542300x800000000000000026792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:35.116{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AE6B05F14CB378C855E13A31B4563F1,SHA256=E066338CA172C989B56E1CF2027FB6CFDC73A566EC3B9240012FC062EEB8C5CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:36.991{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0BDD748CABC9473E6DDDDDC2FA4F2DF,SHA256=C0C438B18D0DEA93E1F74A76288C8E68AB6E343C227906015F3D2AA7CD5D3DD4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:36.116{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B297DAC8CCB17D2AB1AB4744E99F910,SHA256=853CDDE8F4DBDED47E4EB724B392809A21D6D46307FCA27C1B7387101BE30FED,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:37.147{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=811F013E047DBCE47E5AA454DDF072EB,SHA256=9D88B78CE01A4C863B1F6785960D8983EB8C941F73C847270A26810DEC7D0756,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:35.274{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50125-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000026796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:38.197{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=090DEAB383500797D38F69162A7613D0,SHA256=8EDEDF50E8AA0310A40636E68FEAB285993E8C547CF3A61E824CA5B1ABB265AE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:38.038{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1851BE85AA079EA565152BD702B4E974,SHA256=20BAF49B8ED0E95CDB1F3837A8E80F25696C923279CACD39FBBBD3A8E03F2907,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:39.281{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8F05C90B5E55C0903C4AD8EE698F2CA,SHA256=AD7DDC1F24A443E0B547D9039A6666FF2ADEAEC738E531DA15103F772AA29D8E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:39.275{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB2EA8C9583243856CE5A59D880DB992,SHA256=AE1CC35B51057024499F1FD169E8E74FEA005860FD33BFA15170667AD2020DD3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:39.135{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:40.312{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4F6E331FCFEB60106A96913111C7750,SHA256=092E473CD3A7A07811CF467AB82B36D026E36EE4D027460DDB1F536E2FEFFDB3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0664-615C-AF05-00000000FB01}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0664-615C-AF05-00000000FB01}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.947{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0664-615C-AF05-00000000FB01}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.948{6EDEAD03-0664-615C-AF05-00000000FB01}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000026809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:38.812{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50402-false10.0.1.12-8000-
354300x800000000000000026808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:38.718{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50401-false10.0.1.12-8089-
23542300x800000000000000026807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41CBA3C13655BE73AD01C7B60EEE5BEB,SHA256=43F36480D08EC89E5AA2FE0B11E5D44E1B78B61A7FBEA22D35CF19D56862B19B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0664-615C-AE05-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0664-615C-AE05-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.275{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0664-615C-AE05-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:40.276{6EDEAD03-0664-615C-AE05-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:41.453{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E2B2774F152068317F943AEF250AD37,SHA256=6E6157543C1EF5F91B96279F70067A895D7F5F35EE739342BBE8D7F5AAC79C72,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0665-615C-B005-00000000FB01}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0665-615C-B005-00000000FB01}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.619{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0665-615C-B005-00000000FB01}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.620{6EDEAD03-0665-615C-B005-00000000FB01}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.291{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91DCC154016F8F27A8DE648A306DCA69,SHA256=3506D58282D25D5DCE934B68B8C45603FEC9F37C93FF0BD995DE6BBACF6CBDFA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.291{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7440F415C83BE98E7699488FE4A92785,SHA256=A60154346A54A4C74C69D0A546D7FDE55F44E1E729EF19043475F1BF692458C3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.291{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2DC4BCCAD3EC5C7DE6F547C12648E487,SHA256=56E9B7896867F5D3902AC9D176519091651618743F0D097AF28DE1550C712480,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:41.103{6EDEAD03-0664-615C-AF05-00000000FB01}42284496C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000010832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:42.453{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2055C0F156438950A996E5D950331AAC,SHA256=D18DE0121BA8F1FD78E432151A249B5EE9C4552F2ED7E67EE2F989735D812790,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.635{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7440F415C83BE98E7699488FE4A92785,SHA256=A60154346A54A4C74C69D0A546D7FDE55F44E1E729EF19043475F1BF692458C3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.603{6EDEAD03-0666-615C-B105-00000000FB01}64922660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0666-615C-B105-00000000FB01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0666-615C-B105-00000000FB01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.447{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0666-615C-B105-00000000FB01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.448{6EDEAD03-0666-615C-B105-00000000FB01}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:42.306{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A95BB6B65B580C7A9A09BE49B18540D4,SHA256=FD68A6327A3442FB81BAC0FE097BA47F6EEB20E5E05CBA67896312B63E17A3C5,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000010831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:41.095{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50126-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000010834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:43.671{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9E864E99C4D4BF504531337F29496A1,SHA256=5DA9C85FDE83BABDA16F50EC03047B235000B768FF846DBB5933C843A02847D8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.931{6EDEAD03-0667-615C-B305-00000000FB01}57886596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0667-615C-B305-00000000FB01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0667-615C-B305-00000000FB01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0667-615C-B305-00000000FB01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.775{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.776{6EDEAD03-0667-615C-B305-00000000FB01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.322{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66AB80C77F30B231DD628623B6C2682A,SHA256=05C140B5137BD4951D8AD0D87DD711DF3A566B732D7D4A5FC0685B953B7A795E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:43.453{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.260{6EDEAD03-0667-615C-B205-00000000FB01}65402312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0667-615C-B205-00000000FB01}6540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0667-615C-B205-00000000FB01}6540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.103{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0667-615C-B205-00000000FB01}6540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.104{6EDEAD03-0667-615C-B205-00000000FB01}6540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.874{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42F4C06B371B20F6018BCE2BD6E9C540,SHA256=457D18E6C07F21CDC8610E08C82C2F4A6335FC2EB19A36A561846444113B84DE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000026869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0668-615C-B405-00000000FB01}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000026864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0668-615C-B405-00000000FB01}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000026863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.385{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0668-615C-B405-00000000FB01}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000026862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.387{6EDEAD03-0668-615C-B405-00000000FB01}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.369{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59BE12FA26D434DAC75EEF190DE8953B,SHA256=42E675FFACEDA9660255DBB1C42C640F27EA45FFA0DE1B98B897F8A8705C8706,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0668-615C-D301-00000000FC01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0668-615C-D301-00000000FC01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.515{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0668-615C-D301-00000000FC01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:44.516{49C67628-0668-615C-D301-00000000FC01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000026860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:44.135{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F1B585C13C8C0AD000564EE0B06C0ADE,SHA256=5F5D8B7D16DB7C437FEF9812B7415421B19681EE2604DF372072DD1C237035D0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:43.859{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50403-false10.0.1.12-8000-
23542300x800000000000000026871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:45.416{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D196A3C3DE7ECFC0CAD83843BEE8CB3,SHA256=8566825568837F580AC4CC60966FFCFDB88A72A98D39A84C7F24B5CF6C0A774D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0669-615C-D501-00000000FC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0669-615C-D501-00000000FC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.640{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0669-615C-D501-00000000FC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.641{49C67628-0669-615C-D501-00000000FC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000010865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:43.470{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50127-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x800000000000000010864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.515{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F6B6F33CA585C6A5970AA52B3E1EE858,SHA256=5CFBBDBEE9ACC6CD21BD97176EEBFA7E8618B8BFC1C5F212F8DC2245CCAA9FD6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000010863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.515{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FEC7E3CE7BAB1DB02BA805FE2387DC0C,SHA256=B17CDFB30BB0E3F606BB458135035312F22AB4D1C34E05A63B0851487C9227CC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.171{49C67628-0669-615C-D401-00000000FC01}36124092C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:45.015{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0669-615C-D401-00000000FC01}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000026896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:47.932{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E34C759C6C5914604D5E8D23E5945061,SHA256=74959E69045537C981E5F4DAE8752FA4CAC2A09C6D0354A898AF4DED79EDCA2E,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000026895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008)
13241300x800000000000000026894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002857c2)
13241300x800000000000000026893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b6-0xdccf3de7)
13241300x800000000000000026892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9bf-0x3e93a5e7)
13241300x800000000000000026891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9c7-0xa0580de7)
13241300x800000000000000026890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008)
13241300x800000000000000026889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002857c2)
13241300x800000000000000026888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b6-0xdccf3de7)
13241300x800000000000000026887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9bf-0x3e93a5e7)
13241300x800000000000000026886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:01:47.588{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9c7-0xa0580de7)
23542300x800000000000000026885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:47.541{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C3FD086B2AD23B987CBB1AA7FBBEF3F,SHA256=8AF677A37CA79AB270D04836B9459E86D2EF2522AB5E13874FBB2E4194DD0EE6,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-066C-615C-D801-00000000FC01}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-066C-615C-D801-00000000FC01}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000010914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.968{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-066C-615C-D801-00000000FC01}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000010913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.969{49C67628-066C-615C-D801-00000000FC01}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000010912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.499{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB1BE1A933FFD554A7A2B7C06F04A750,SHA256=F57B85680693BFA45C72CD181DCFE6D11E19A80E689AE553C45595010A67922E,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000026905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:47.448{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local50405-false10.0.1.14win-dc-676.attackrange.local389ldap
354300x800000000000000026904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:47.448{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local50405-false10.0.1.14win-dc-676.attackrange.local389ldap
354300x800000000000000026903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:47.440{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50404-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap
354300x800000000000000026902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:47.440{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local50404-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap
23542300x800000000000000026901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:48.947{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7E4B6C3677EF6F31DDACE9DBC90CD8AB,SHA256=71FAB047533A5E39E18F73EBFE93770EA5DB508F30D327B154A79A1D5D47B38A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000026900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:01:48.557{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1021CD4671F1EB11832EA39BBC793491,SHA256=76C385E0164A4556D2892DE2892A0754E3D334745445ED14D485FDFF43E191BE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000010911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.453{49C67628-066C-615C-D701-00000000FC01}30401208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.296{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-066C-615C-D701-00000000FC01}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000010909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:01:48.296{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system3