10341000x800000000000000032431Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC92-6006-6609-00000000A301}7312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032430Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032429Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032428Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032427Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032426Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DC92-6006-6609-00000000A301}7312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032425Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC92-6006-6609-00000000A301}7312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032424Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:18.795{E983936C-DC92-6006-6609-00000000A301}7312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032440Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.607{E983936C-DC93-6006-6709-00000000A301}79686716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032439Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC93-6006-6709-00000000A301}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032438Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032437Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032436Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032435Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032434Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DC93-6006-6709-00000000A301}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032433Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.466{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC93-6006-6709-00000000A301}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032432Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:19.467{E983936C-DC93-6006-6709-00000000A301}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032458Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.966{E983936C-DC94-6006-6909-00000000A301}46925348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032457Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC94-6006-6909-00000000A301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032456Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032455Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032454Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032453Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032452Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DC94-6006-6909-00000000A301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032451Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.810{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC94-6006-6909-00000000A301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032450Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.811{E983936C-DC94-6006-6909-00000000A301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032449Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.279{E983936C-DC94-6006-6809-00000000A301}80246344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032448Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.136{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC94-6006-6809-00000000A301}8024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032447Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.134{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032446Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.134{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032445Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.134{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032444Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.134{E983936C-B38F-6006-0C00-00000000A301}5923344C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032443Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.134{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DC94-6006-6809-00000000A301}8024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032442Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.134{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC94-6006-6809-00000000A301}8024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032441Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:20.133{E983936C-DC94-6006-6809-00000000A301}8024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032466Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC95-6006-6A09-00000000A301}7848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032465Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032464Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032463Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032462Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032461Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DC95-6006-6A09-00000000A301}7848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032460Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC95-6006-6A09-00000000A301}7848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032459Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:21.482{E983936C-DC95-6006-6A09-00000000A301}7848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032485Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.295{E983936C-DC96-6006-6B09-00000000A301}53927276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000032484Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000032483Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a06036) 13241300x800000000000000032482Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ee5d-0x74d62e9d) 13241300x800000000000000032481Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6ee65-0xd69a969d) 13241300x800000000000000032480Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6ee6e-0x385efe9d) 13241300x800000000000000032479Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000032478Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a06036) 13241300x800000000000000032477Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ee5d-0x74d62e9d) 13241300x800000000000000032476Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6ee65-0xd69a969d) 13241300x800000000000000032475Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:20:22.263{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6ee6e-0x385efe9d) 10341000x800000000000000032474Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC96-6006-6B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032473Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032472Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032471Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032470Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032469Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DC96-6006-6B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032468Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC96-6006-6B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032467Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:22.154{E983936C-DC96-6006-6B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032493Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DC98-6006-6C09-00000000A301}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032492Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032491Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032490Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032489Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032488Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DC98-6006-6C09-00000000A301}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032487Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.749{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DC98-6006-6C09-00000000A301}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032486Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:24.748{E983936C-DC98-6006-6C09-00000000A301}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000032494Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:20:30.826{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yhh85cpg.default-release\SiteSecurityServiceState.txt2021-01-19 12:20:27.779 13241300x800000000000000032497Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:21:06.533{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x800000000000000032496Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:21:06.530{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\194FB71A-2A2E-4F97-8266-02E138A28647\Config SourceDWORD (0x00000001) 13241300x800000000000000032495Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:21:06.530{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\194FB71A-2A2E-4F97-8266-02E138A28647\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_194FB71A-2A2E-4F97-8266-02E138A28647.XML 10341000x800000000000000032505Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.613{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCCF-6006-6D09-00000000A301}6140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032504Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.611{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032503Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.611{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032502Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.611{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032501Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.611{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032500Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.611{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DCCF-6006-6D09-00000000A301}6140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032499Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.610{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCCF-6006-6D09-00000000A301}6140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032498Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:19.609{E983936C-DCCF-6006-6D09-00000000A301}6140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032523Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.925{E983936C-DCD0-6006-6F09-00000000A301}49604040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032522Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.775{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCD0-6006-6F09-00000000A301}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032521Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.774{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032520Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.774{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032519Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.773{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032518Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.773{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032517Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.773{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DCD0-6006-6F09-00000000A301}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032516Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.773{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCD0-6006-6F09-00000000A301}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032515Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.772{E983936C-DCD0-6006-6F09-00000000A301}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032514Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.336{E983936C-DCD0-6006-6E09-00000000A301}74605976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032513Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.186{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCD0-6006-6E09-00000000A301}7460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032512Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.185{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032511Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.185{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032510Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.184{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032509Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.184{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032508Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.184{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DCD0-6006-6E09-00000000A301}7460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032507Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.184{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCD0-6006-6E09-00000000A301}7460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032506Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:20.183{E983936C-DCD0-6006-6E09-00000000A301}7460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032557Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.514{E983936C-DCD1-6006-7009-00000000A301}78722840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032556Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032555Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032554Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032553Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032552Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032551Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032550Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032549Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032548Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032547Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.454{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032546Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032545Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032544Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032543Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032542Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032541Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032540Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032539Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032538Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032537Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032536Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032535Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032534Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032533Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032532Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.453{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032531Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.350{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCD1-6006-7009-00000000A301}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032530Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.349{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032529Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.349{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032528Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.348{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032527Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.348{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032526Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.348{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DCD1-6006-7009-00000000A301}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032525Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.348{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCD1-6006-7009-00000000A301}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032524Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:21.347{E983936C-DCD1-6006-7009-00000000A301}7872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032574Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.969{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCD3-6006-7209-00000000A301}7696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032573Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.968{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032572Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.968{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032571Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.967{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032570Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.967{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032569Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.967{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DCD3-6006-7209-00000000A301}7696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032568Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.967{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCD3-6006-7209-00000000A301}7696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032567Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.966{E983936C-DCD3-6006-7209-00000000A301}7696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032566Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.517{E983936C-DCD3-6006-7109-00000000A301}3544804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032565Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.365{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCD3-6006-7109-00000000A301}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032564Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.364{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032563Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.364{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032562Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.363{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032561Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.363{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032560Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.363{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DCD3-6006-7109-00000000A301}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032559Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.363{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCD3-6006-7109-00000000A301}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032558Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:23.362{E983936C-DCD3-6006-7109-00000000A301}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032582Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.809{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DCD5-6006-7309-00000000A301}8172C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032581Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.807{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032580Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.807{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032579Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.807{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032578Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.807{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032577Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.807{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DCD5-6006-7309-00000000A301}8172C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032576Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.806{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DCD5-6006-7309-00000000A301}8172C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032575Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:25.806{E983936C-DCD5-6006-7309-00000000A301}8172C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032601Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.744{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032600Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.725{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CEA8-6006-BA07-00000000A301}7648C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032599Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.708{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032598Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.701{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032597Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.701{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032596Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.221{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032595Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.221{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032594Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.221{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032593Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.219{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032592Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.208{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032591Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.205{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032590Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.205{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032589Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.179{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032588Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.178{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032587Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.178{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032586Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.176{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032585Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.173{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032584Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.172{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032583Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:40.168{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CFB9-6006-DF07-00000000A301}4672C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ea9|C:\Program Files\Mozilla Firefox\xul.dll+2bd20a3|C:\Program Files\Mozilla Firefox\xul.dll+2b92cb8|C:\Program Files\Mozilla Firefox\xul.dll+2b92c62|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126d105|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+1ad8d4|C:\Program Files\Mozilla Firefox\xul.dll+400caec|C:\Program Files\Mozilla Firefox\xul.dll+fd583|C:\Program Files\Mozilla Firefox\xul.dll+3ec8f34|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+1ad8d4|C:\Program Files\Mozilla Firefox\xul.dll+400caec|C:\Program Files\Mozilla Firefox\xul.dll+fd583|C:\Program Files\Mozilla Firefox\xul.dll+3ec8f34|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+2b830e|C:\Program Files\Mozilla Firefox\xul.dll+2b58b3 10341000x800000000000000032603Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:41.608{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032602Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:41.608{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000032605Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:43.026{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032604Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:43.026{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000032607Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:42.538{E983936C-CD5C-6006-8407-00000000A301}6812www.google.com0172.217.22.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032606Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:42.538{E983936C-CD5C-6006-8407-00000000A301}6812www.google.com0::ffff:172.217.22.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032608Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:42.540{E983936C-CD5C-6006-8407-00000000A301}6812www.google.com02a00:1450:4001:817::2004;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032613Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.953{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032612Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.818{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000032611Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.818{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000032610Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.818{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032609Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.818{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000032622Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.060{E983936C-CD5C-6006-8407-00000000A301}6812ogs.google.com0type: 5 www3.l.google.com;216.58.206.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032621Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.317{E983936C-CD5C-6006-8407-00000000A301}6812gstaticadssl.l.google.com02a00:1450:4001:818::2003;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032620Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.460{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032619Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.453{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032618Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.453{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032617Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.427{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032616Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.422{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032615Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.421{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032614Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:49.999{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032630Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:51.917{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000032629Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:51.916{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 22542200x800000000000000032628Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.062{E983936C-CD5C-6006-8407-00000000A301}6812www3.l.google.com02a00:1450:4001:815::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032627Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.061{E983936C-CD5C-6006-8407-00000000A301}6812plus.l.google.com02a00:1450:4001:800::200e;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032626Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:51.420{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032625Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:51.420{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000032624Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:51.343{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000032623Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:51.343{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 22542200x800000000000000032635Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:50.158{E983936C-CD5C-6006-8407-00000000A301}6812adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:172.217.18.162;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032634Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:52.468{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032633Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:52.468{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000032632Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:52.375{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000032631Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:52.375{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000032639Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.625{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000032638Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.625{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000032637Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.405{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032636Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.405{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000032647Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.953{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032646Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.906{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032645Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.881{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032644Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.881{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032643Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.881{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032642Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.734{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032641Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.734{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032640Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.734{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032739Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.986{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032738Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.985{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032737Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.696{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032736Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.693{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000032735Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.822{E983936C-CD5C-6006-8407-00000000A301}6812d3pjq9s091b915.cloudfront.net013.35.253.36;13.35.253.59;13.35.253.88;13.35.253.89;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032734Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.821{E983936C-CD5C-6006-8407-00000000A301}6812d3pjq9s091b915.cloudfront.net0::ffff:13.35.253.89;::ffff:13.35.253.36;::ffff:13.35.253.59;::ffff:13.35.253.88;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032733Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.011{E983936C-CD5C-6006-8407-00000000A301}6812techexpert.tips9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032732Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.008{E983936C-CD5C-6006-8407-00000000A301}6812techexpert.tips054.189.219.43;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032731Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.007{E983936C-CD5C-6006-8407-00000000A301}6812techexpert.tips0::ffff:54.189.219.43;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032730Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.502{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9907-00000000A301}7244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032729Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.502{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9907-00000000A301}7244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032728Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.499{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032727Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.499{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032726Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.499{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032725Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.499{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032724Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.381{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032723Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.381{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032722Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.381{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032721Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.381{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032720Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.380{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032719Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.380{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032718Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.380{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032717Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.379{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032716Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.379{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032715Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.379{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032714Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.378{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032713Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.377{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032712Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.376{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032711Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.375{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032710Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.375{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032709Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.375{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032708Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032707Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032706Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032705Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032704Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032703Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032702Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032701Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032700Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032699Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032698Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032697Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032696Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032695Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032694Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032693Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032692Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032691Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032690Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.359{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032689Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.343{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032688Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.343{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032687Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.343{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032686Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.343{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032685Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032684Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032683Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032682Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032681Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032680Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032679Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032678Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032677Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032676Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032675Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032674Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032673Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032672Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032671Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032670Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.203{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032669Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032668Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032667Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032666Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032665Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032664Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032663Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032662Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032661Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032660Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032659Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032658Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032657Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032656Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032655Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032654Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032653Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032652Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032651Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032650Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032649Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032648Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.181{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032766Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.907{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032765Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.902{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032764Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.902{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032763Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.901{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000032762Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.349{E983936C-CD5C-6006-8407-00000000A301}6812img.onesignal.com02606:4700::6812:e234;2606:4700::6812:e134;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032761Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.344{E983936C-CD5C-6006-8407-00000000A301}6812img.onesignal.com0104.18.226.52;104.18.225.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032760Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.343{E983936C-CD5C-6006-8407-00000000A301}6812img.onesignal.com0::ffff:104.18.225.52;::ffff:104.18.226.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032759Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.425{E983936C-CD5C-6006-8407-00000000A301}6812www-google-analytics.l.google.com02a00:1450:4001:81d::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032758Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.424{E983936C-CD5C-6006-8407-00000000A301}6812www-google-analytics.l.google.com0172.217.18.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032757Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.391{E983936C-CD5C-6006-8407-00000000A301}6812onesignal.com02606:4700::6812:e134;2606:4700::6812:e234;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032756Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.389{E983936C-CD5C-6006-8407-00000000A301}6812onesignal.com0104.18.226.52;104.18.225.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032755Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:56.388{E983936C-CD5C-6006-8407-00000000A301}6812onesignal.com0::ffff:104.18.226.52;::ffff:104.18.225.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032754Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.942{E983936C-CD5C-6006-8407-00000000A301}6812cdn.onesignal.com02606:4700::6812:e234;2606:4700::6812:e134;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032753Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.936{E983936C-CD5C-6006-8407-00000000A301}6812cdn.onesignal.com0104.18.226.52;104.18.225.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032752Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.935{E983936C-CD5C-6006-8407-00000000A301}6812cdn.onesignal.com0::ffff:104.18.225.52;::ffff:104.18.226.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032751Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.836{E983936C-CD5C-6006-8407-00000000A301}6812www-googletagmanager.l.google.com02a00:1450:4001:808::2008;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032750Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.834{E983936C-CD5C-6006-8407-00000000A301}6812www-googletagmanager.l.google.com0216.58.206.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032749Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:55.833{E983936C-CD5C-6006-8407-00000000A301}6812d3pjq9s091b915.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032748Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.584{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032747Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.584{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032746Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.583{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032745Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.583{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032744Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.583{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032743Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.178{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032742Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.177{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032741Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.094{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032740Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:58.093{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032809Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.831{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032808Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.830{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032807Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.829{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032806Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.809{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032805Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.808{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032804Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.808{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032803Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.808{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032802Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.807{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032801Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.807{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032800Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.807{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032799Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.807{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032798Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.806{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032797Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.805{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032796Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.764{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032795Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.764{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032794Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.763{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032793Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.763{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032792Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.763{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032791Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.763{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032790Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.762{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032789Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.760{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032788Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.759{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032787Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.758{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032786Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.758{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032785Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.758{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032784Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.758{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032783Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.757{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032782Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.757{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032781Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.756{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000032780Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.698{E983936C-CD5C-6006-8407-00000000A301}6812cdn-content.ampproject.org02a00:1450:4001:81c::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032779Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.696{E983936C-CD5C-6006-8407-00000000A301}6812cdn-content.ampproject.org0216.58.212.161;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032778Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.695{E983936C-CD5C-6006-8407-00000000A301}6812cdn.ampproject.org0type: 5 cdn-content.ampproject.org;::ffff:216.58.212.161;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000032777Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.690{E983936C-CD5C-6006-8407-00000000A301}6812s0-2mdn-net.l.google.com0142.250.74.198;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032776Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.537{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032775Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.536{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032774Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.535{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032773Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.535{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032772Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.534{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032771Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.534{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032770Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.534{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032769Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.534{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032768Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.533{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032767Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:59.252{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032846Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.943{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032845Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.943{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032844Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.943{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032843Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.942{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032842Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.942{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032841Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.942{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032840Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.942{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032839Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.941{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032838Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.941{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032837Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.941{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032836Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.938{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032835Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.917{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032834Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.916{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032833Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.916{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032832Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.916{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032831Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.915{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032830Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.915{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032829Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.915{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032828Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.914{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032827Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.914{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032826Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.914{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032825Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.912{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032824Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.909{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032823Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.896{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032822Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.896{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000032821Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.808{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032820Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.808{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032819Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.776{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032818Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.776{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000032817Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:21:57.703{E983936C-CD5C-6006-8407-00000000A301}6812s0-2mdn-net.l.google.com02a00:1450:4001:80b::2006;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032816Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.604{E983936C-B390-6006-1400-00000000A301}12962528C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032815Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.368{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032814Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.304{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032813Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.199{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000032812Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.199{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000032811Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.086{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032810Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:00.049{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032870Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.224{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032869Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.223{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032868Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.223{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032867Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.223{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032866Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.223{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032865Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.222{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032864Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.222{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032863Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.222{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032862Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.221{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032861Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.219{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032860Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.218{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032859Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.218{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032858Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.198{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032857Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.197{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032856Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.196{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032855Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.194{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032854Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.193{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032853Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.185{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032852Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.184{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032851Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.183{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032850Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.182{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032849Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.178{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032848Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.178{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032847Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:01.177{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032879Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.781{E983936C-DD0B-6006-7409-00000000A301}26807764C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032878Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD0B-6006-7409-00000000A301}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032877Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032876Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032875Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032874Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032873Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DD0B-6006-7409-00000000A301}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032872Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.625{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD0B-6006-7409-00000000A301}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032871Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:19.627{E983936C-DD0B-6006-7409-00000000A301}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032899Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.939{E983936C-DD0C-6006-7609-00000000A301}62246520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032898Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.797{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000032897Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.797{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032896Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD0C-6006-7609-00000000A301}6224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032895Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032894Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032893Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032892Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032891Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DD0C-6006-7609-00000000A301}6224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032890Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.781{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD0C-6006-7609-00000000A301}6224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032889Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.784{E983936C-DD0C-6006-7609-00000000A301}6224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032888Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.352{E983936C-DD0C-6006-7509-00000000A301}58807152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032887Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD0C-6006-7509-00000000A301}5880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032886Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032885Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032884Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032883Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032882Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD0C-6006-7509-00000000A301}5880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032881Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.203{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD0C-6006-7509-00000000A301}5880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032880Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:20.205{E983936C-DD0C-6006-7509-00000000A301}5880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032916Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.944{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD0D-6006-7809-00000000A301}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032915Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.942{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032914Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.941{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032913Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.941{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032912Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.941{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032911Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.941{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD0D-6006-7809-00000000A301}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032910Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.940{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD0D-6006-7809-00000000A301}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032909Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.940{E983936C-DD0D-6006-7809-00000000A301}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032908Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.531{E983936C-DD0D-6006-7709-00000000A301}62126920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032907Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD0D-6006-7709-00000000A301}6212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032906Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032905Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032904Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032903Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032902Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DD0D-6006-7709-00000000A301}6212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032901Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.375{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD0D-6006-7709-00000000A301}6212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032900Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:21.377{E983936C-DD0D-6006-7709-00000000A301}6212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032924Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD0E-6006-7909-00000000A301}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032923Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032922Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032921Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032920Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032919Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DD0E-6006-7909-00000000A301}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032918Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.516{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD0E-6006-7909-00000000A301}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032917Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:22.518{E983936C-DD0E-6006-7909-00000000A301}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032930Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:24.406{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032929Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:24.406{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032928Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:24.406{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032927Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:24.406{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032926Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:24.406{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032925Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:24.406{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032938Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD12-6006-7A09-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032937Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032936Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032935Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032934Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032933Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD12-6006-7A09-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032932Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.375{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD12-6006-7A09-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032931Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:26.377{E983936C-DD12-6006-7A09-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032940Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:37.016{E983936C-CCDC-6006-3B07-00000000A301}8242096C:\Windows\System32\RuntimeBroker.exe{E983936C-CCDC-6006-3D07-00000000A301}4780C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000032939Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:37.016{E983936C-CCDC-6006-3B07-00000000A301}8242096C:\Windows\System32\RuntimeBroker.exe{E983936C-CCDC-6006-3D07-00000000A301}4780C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000032943Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:39.782{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B390-6006-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032942Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:39.782{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B390-6006-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032941Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:22:39.782{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B390-6006-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032946Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:00.610{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032945Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:00.610{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032944Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:00.610{E983936C-B38D-6006-0B00-00000000A301}8521656C:\Windows\system32\lsass.exe{E983936C-B38D-6006-0A00-00000000A301}844C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032964Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.853{E983936C-DD47-6006-7C09-00000000A301}48046452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032963Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD47-6006-7C09-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032962Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032961Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032960Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032959Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032958Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD47-6006-7C09-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032957Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.720{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD47-6006-7C09-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032956Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.721{E983936C-DD47-6006-7C09-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032955Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.689{E983936C-B38D-6006-0B00-00000000A301}8521656C:\Windows\system32\lsass.exe{E983936C-B38B-6006-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000032954Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.052{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD47-6006-7B09-00000000A301}7360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032953Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.050{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032952Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.050{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032951Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.050{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032950Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.050{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032949Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.050{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DD47-6006-7B09-00000000A301}7360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032948Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.050{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD47-6006-7B09-00000000A301}7360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032947Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:19.049{E983936C-DD47-6006-7B09-00000000A301}7360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032981Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD48-6006-7E09-00000000A301}7164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032980Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032979Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032978Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032977Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032976Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD48-6006-7E09-00000000A301}7164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032975Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.876{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD48-6006-7E09-00000000A301}7164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032974Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.877{E983936C-DD48-6006-7E09-00000000A301}7164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032973Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.392{E983936C-DD48-6006-7D09-00000000A301}24205944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032972Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD48-6006-7D09-00000000A301}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032971Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032970Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032969Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032968Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032967Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DD48-6006-7D09-00000000A301}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032966Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.253{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD48-6006-7D09-00000000A301}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032965Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:20.252{E983936C-DD48-6006-7D09-00000000A301}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032990Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD49-6006-7F09-00000000A301}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032989Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032988Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032987Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032986Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032985Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DD49-6006-7F09-00000000A301}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032984Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.501{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD49-6006-7F09-00000000A301}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032983Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.503{E983936C-DD49-6006-7F09-00000000A301}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032982Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:21.033{E983936C-DD48-6006-7E09-00000000A301}71648116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033030Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.945{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9907-00000000A301}7244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033029Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.945{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9907-00000000A301}7244C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033028Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.943{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033027Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.942{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033026Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.942{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033025Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.942{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD9F-6006-9A07-00000000A301}7260C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033024Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033023Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033022Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033021Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033020Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033019Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033018Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033017Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033016Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033015Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033014Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033013Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033012Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033011Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033010Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033009Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033008Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033007Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033006Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033005Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033004Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033003Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033002Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033001Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033000Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.470{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032999Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.314{E983936C-DD4A-6006-8009-00000000A301}60684908C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032998Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD4A-6006-8009-00000000A301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032997Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032996Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032995Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032994Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032993Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DD4A-6006-8009-00000000A301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032992Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.173{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD4A-6006-8009-00000000A301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032991Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:22.174{E983936C-DD4A-6006-8009-00000000A301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033038Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD4D-6006-8109-00000000A301}8052C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033037Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033036Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033035Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033034Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033033Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD4D-6006-8109-00000000A301}8052C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033032Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.798{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD4D-6006-8109-00000000A301}8052C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033031Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:23:25.799{E983936C-DD4D-6006-8109-00000000A301}8052C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033055Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.893{E983936C-DD83-6006-8309-00000000A301}42206820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033054Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.756{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD83-6006-8309-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033053Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.755{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033052Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.755{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033051Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.754{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033050Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.754{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033049Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.754{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DD83-6006-8309-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033048Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.754{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD83-6006-8309-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033047Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.753{E983936C-DD83-6006-8309-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033046Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD83-6006-8209-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033045Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033044Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033043Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033042Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033041Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD83-6006-8209-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033040Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD83-6006-8209-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033039Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:19.081{E983936C-DD83-6006-8209-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033066Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.815{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000033065Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.815{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033064Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.581{E983936C-DD84-6006-8409-00000000A301}66923328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033063Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD84-6006-8409-00000000A301}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033062Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033061Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033060Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033059Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033058Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD84-6006-8409-00000000A301}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033057Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD84-6006-8409-00000000A301}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033056Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:20.440{E983936C-DD84-6006-8409-00000000A301}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033084Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.924{E983936C-DD85-6006-8609-00000000A301}58047976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033083Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD85-6006-8609-00000000A301}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033082Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033081Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033080Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033079Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033078Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DD85-6006-8609-00000000A301}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033077Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD85-6006-8609-00000000A301}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033076Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.784{E983936C-DD85-6006-8609-00000000A301}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033075Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.259{E983936C-DD85-6006-8509-00000000A301}36161392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033074Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD85-6006-8509-00000000A301}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033073Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033072Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033071Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033070Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033069Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD85-6006-8509-00000000A301}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033068Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD85-6006-8509-00000000A301}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033067Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:21.112{E983936C-DD85-6006-8509-00000000A301}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033092Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.459{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD86-6006-8709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033091Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.458{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033090Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.458{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033089Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.458{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033088Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.458{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033087Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.457{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD86-6006-8709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033086Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.457{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD86-6006-8709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033085Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:22.456{E983936C-DD86-6006-8709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033100Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DD89-6006-8809-00000000A301}8072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033099Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033098Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033097Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033096Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033095Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DD89-6006-8809-00000000A301}8072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033094Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DD89-6006-8809-00000000A301}8072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033093Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:24:25.831{E983936C-DD89-6006-8809-00000000A301}8072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033106Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:06.910{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033105Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:06.910{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033104Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:06.910{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033103Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:06.910{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033102Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:06.910{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033101Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:06.910{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033120Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.832{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000033119Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.832{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000033118Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.738{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033117Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.707{E983936C-CCDD-6006-4607-00000000A301}50805408C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033116Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.707{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033115Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.707{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033114Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.488{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033113Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.488{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033112Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.488{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033111Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.488{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033110Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.464{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033109Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.464{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033108Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.463{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033107Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:13.461{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CEA8-6006-BA07-00000000A301}7648C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ea9|C:\Program Files\Mozilla Firefox\xul.dll+2bd20a3|C:\Program Files\Mozilla Firefox\xul.dll+2b92cb8|C:\Program Files\Mozilla Firefox\xul.dll+2b92c62|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126d105|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+1ad8d4|C:\Program Files\Mozilla Firefox\xul.dll+400caec|C:\Program Files\Mozilla Firefox\xul.dll+fd583|C:\Program Files\Mozilla Firefox\xul.dll+3ec8f34|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+1ad8d4|C:\Program Files\Mozilla Firefox\xul.dll+400caec|C:\Program Files\Mozilla Firefox\xul.dll+fd583|C:\Program Files\Mozilla Firefox\xul.dll+3ec8f34|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+17140a|UNKNOWN(00000075F8843E0F) 10341000x800000000000000033129Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.785{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033128Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.738{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033127Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.691{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000033126Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.691{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000033125Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.664{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033124Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.629{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033123Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.629{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033122Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.564{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033121Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.464{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CEA8-6006-BA07-00000000A301}7648C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000033134Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.041{E983936C-CD5C-6006-8407-00000000A301}6812cdn-content.ampproject.org02a00:1450:4001:821::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033133Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.039{E983936C-CD5C-6006-8407-00000000A301}6812cdn-content.ampproject.org0172.217.23.161;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033132Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.039{E983936C-CD5C-6006-8407-00000000A301}6812cdn.ampproject.org0type: 5 cdn-content.ampproject.org;::ffff:172.217.23.161;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000033131Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:16.164{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033130Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:16.082{E983936C-CD5C-6006-8407-00000000A301}6812728C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000033138Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.644{E983936C-CD5C-6006-8407-00000000A301}6812www.google.com02a00:1450:4001:81a::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033137Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.642{E983936C-CD5C-6006-8407-00000000A301}6812www.google.com0172.217.23.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033136Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.641{E983936C-CD5C-6006-8407-00000000A301}6812www.google.com0::ffff:172.217.23.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033135Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:15.639{E983936C-CD5C-6006-8407-00000000A301}6812s0-2mdn-net.l.google.com0172.217.22.6;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000033157Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.832{E983936C-DDBF-6006-8A09-00000000A301}58605156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033156Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDBF-6006-8A09-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033155Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033154Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033153Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033152Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033151Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DDBF-6006-8A09-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033150Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.691{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDBF-6006-8A09-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033149Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.692{E983936C-DDBF-6006-8A09-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033148Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.316{E983936C-B38D-6006-0B00-00000000A301}8526568C:\Windows\system32\lsass.exe{E983936C-B38B-6006-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000033147Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.144{E983936C-DDBF-6006-8909-00000000A301}51968068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033146Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDBF-6006-8909-00000000A301}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033145Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033144Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033143Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033142Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033141Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDBF-6006-8909-00000000A301}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033140Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDBF-6006-8909-00000000A301}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033139Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:19.004{E983936C-DDBF-6006-8909-00000000A301}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033168Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.962{E983936C-B390-6006-1600-00000000A301}1528660C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033167Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.962{E983936C-B390-6006-1600-00000000A301}1528660C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033166Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.504{E983936C-DDC0-6006-8B09-00000000A301}53922620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033165Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDC0-6006-8B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033164Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033163Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033162Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033161Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033160Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DDC0-6006-8B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033159Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDC0-6006-8B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033158Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:20.364{E983936C-DDC0-6006-8B09-00000000A301}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033197Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDC1-6006-8D09-00000000A301}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033196Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033195Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033194Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033193Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033192Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DDC1-6006-8D09-00000000A301}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033191Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.597{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDC1-6006-8D09-00000000A301}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033190Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.599{E983936C-DDC1-6006-8D09-00000000A301}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000033189Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000033188Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000033187Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\AddressTypeDWORD (0x00000000) 13241300x800000000000000033186Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseTerminatesTimeDWORD (0x6006ebd1) 13241300x800000000000000033185Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\T2DWORD (0x6006ea0f) 13241300x800000000000000033184Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\T1DWORD (0x6006e4c9) 13241300x800000000000000033183Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseObtainedTimeDWORD (0x6006ddc1) 13241300x800000000000000033182Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseDWORD (0x00000e10) 13241300x800000000000000033181Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpServer10.0.1.1 13241300x800000000000000033180Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpSubnetMask255.255.255.0 13241300x800000000000000033179Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpIPAddress10.0.1.14 13241300x800000000000000033178Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:21.255{E983936C-B390-6006-1100-00000000A301}1168C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpInterfaceOptionsBinary Data 10341000x800000000000000033177Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.191{E983936C-DDC1-6006-8C09-00000000A301}44563872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033176Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDC1-6006-8C09-00000000A301}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033175Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033174Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033173Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033172Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033171Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDC1-6006-8C09-00000000A301}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033170Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.035{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDC1-6006-8C09-00000000A301}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033169Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:21.036{E983936C-DDC1-6006-8C09-00000000A301}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033215Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDC2-6006-8E09-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033214Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033213Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033212Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033211Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033210Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDC2-6006-8E09-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033209Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDC2-6006-8E09-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033208Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:22.285{E983936C-DDC2-6006-8E09-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000033207Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000033206Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a4f416) 13241300x800000000000000033205Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ee5e-0x27a68c9d) 13241300x800000000000000033204Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6ee66-0x896af49d) 13241300x800000000000000033203Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6ee6e-0xeb2f5c9d) 13241300x800000000000000033202Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000033201Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a4f416) 13241300x800000000000000033200Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ee5e-0x27a68c9d) 13241300x800000000000000033199Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6ee66-0x896af49d) 13241300x800000000000000033198Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:22.285{E983936C-B38D-6006-0B00-00000000A301}852C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6ee6e-0xeb2f5c9d) 10341000x800000000000000033258Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3000-00000000A301}2668C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033257Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3000-00000000A301}2668C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033256Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033255Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033254Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033253Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033252Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033251Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033250Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033249Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033248Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033247Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033246Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033245Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033244Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033243Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033242Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033241Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033240Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033239Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033238Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033237Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033236Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033235Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033234Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033233Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033232Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033231Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-B390-6006-1000-00000000A301}1160C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033230Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.488{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-B390-6006-1000-00000000A301}1160C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000033229Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000033228Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000033227Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000033226Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\FlagsDWORD (0x00000002) 13241300x800000000000000033225Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\TtlDWORD (0x000004b0) 13241300x800000000000000033224Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentPriUpdateToIpBinary Data 13241300x800000000000000033223Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentUpdateToIpBinary Data 13241300x800000000000000033222Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\DnsServersBinary Data 13241300x800000000000000033221Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\HostAddrsBinary Data 13241300x800000000000000033220Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\PrimaryDomainNameattackrange.local 13241300x800000000000000033219Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\AdapterDomainName(Empty) 13241300x800000000000000033218Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\Hostnamewin-dc-397 10341000x800000000000000033217Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:23.301{E983936C-B38D-6006-0B00-00000000A301}8524588C:\Windows\system32\lsass.exe{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x800000000000000033216Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:25:23.301{E983936C-B390-6006-1400-00000000A301}1296C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 10341000x800000000000000033266Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDC5-6006-8F09-00000000A301}7524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033265Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033264Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033263Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033262Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033261Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DDC5-6006-8F09-00000000A301}7524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033260Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDC5-6006-8F09-00000000A301}7524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033259Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:25.832{E983936C-DDC5-6006-8F09-00000000A301}7524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033307Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.941{E983936C-CD5C-6006-8407-00000000A301}68124868C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033306Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.926{E983936C-B390-6006-1000-00000000A301}11601804C:\Windows\system32\svchost.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033305Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.926{E983936C-B390-6006-1000-00000000A301}11601804C:\Windows\system32\svchost.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033304Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.910{E983936C-B390-6006-1000-00000000A301}11601804C:\Windows\system32\svchost.exe{E983936C-D0E5-6006-0C08-00000000A301}4648C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033303Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.910{E983936C-B38D-6006-0B00-00000000A301}8524588C:\Windows\system32\lsass.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033302Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.910{E983936C-B38D-6006-0B00-00000000A301}8524588C:\Windows\system32\lsass.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033301Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.895{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18 10341000x800000000000000033300Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.879{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033299Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.879{E983936C-B390-6006-1600-00000000A301}15281568C:\Windows\system32\svchost.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033298Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.879{E983936C-CD5C-6006-8407-00000000A301}68124152C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033297Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033296Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033295Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033294Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033293Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033292Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033291Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033290Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033289Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033288Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033287Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033286Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033285Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033284Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033283Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033282Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033281Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033280Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033279Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000033278Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000033277Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.848{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033276Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-CD5C-6006-8407-00000000A301}68126752C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033275Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033274Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033273Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033272Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033271Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-CCD9-6006-3007-00000000A301}36481312C:\Windows\system32\csrss.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033270Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-CD5C-6006-8407-00000000A301}68126484C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033269Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.842{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6812.76.1071093447\496561762" -childID 11 -isForBrowser -prefsHandle 7916 -prefMapHandle 8280 -prefsLen 16388 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6812 "\\.\pipe\gecko-crash-server-pipe.6812" 7764 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{E983936C-CCDB-6006-3B2A-3C0000000000}0x3c2a3b2LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000033268Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.832{E983936C-B390-6006-1200-00000000A301}11842252C:\Windows\System32\svchost.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033267Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.801{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-D0E5-6006-0C08-00000000A301}4648C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2bd18cd|C:\Program Files\Mozilla Firefox\xul.dll+2ba6aa4|C:\Program Files\Mozilla Firefox\xul.dll+2ba89c6|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a 22542200x800000000000000033308Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.201{E983936C-CD5C-6006-8407-00000000A301}6812spocs.getpocket.com0type: 5 proxyserverecs-1736642167.us-east-1.elb.amazonaws.com;::ffff:34.192.53.143;::ffff:34.203.15.45;::ffff:52.20.179.133;::ffff:52.86.239.227;::ffff:54.147.76.56;::ffff:54.164.169.143;::ffff:54.221.57.17;::ffff:3.232.128.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033318Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.207{E983936C-CD5C-6006-8407-00000000A301}6812d3pjq9s091b915.cloudfront.net099.84.85.51;99.84.85.84;99.84.85.99;99.84.85.122;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033317Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.206{E983936C-CD5C-6006-8407-00000000A301}6812d3pjq9s091b915.cloudfront.net0::ffff:99.84.85.122;::ffff:99.84.85.51;::ffff:99.84.85.84;::ffff:99.84.85.99;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033316Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.202{E983936C-CD5C-6006-8407-00000000A301}6812proxyserverecs-1736642167.us-east-1.elb.amazonaws.com034.203.15.45;52.20.179.133;52.86.239.227;54.147.76.56;54.164.169.143;54.221.57.17;3.232.128.142;34.192.53.143;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033315Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:29.201{E983936C-CD5C-6006-8407-00000000A301}6812spocs.getpocket.com0type: 5 proxyserverecs-1736642167.us-east-1.elb.amazonaws.com;34.192.53.143;34.203.15.45;52.20.179.133;52.86.239.227;54.147.76.56;54.164.169.143;54.221.57.17;3.232.128.142;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000033314Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.520{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033313Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.520{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033312Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.520{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033311Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.520{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033310Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.520{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033309Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.520{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000033324Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.214{E983936C-CD5C-6006-8407-00000000A301}6812noom.8utb.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033323Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.204{E983936C-CD5C-6006-8407-00000000A301}6812simplisafe.com052.222.177.14;52.222.177.71;52.222.177.113;52.222.177.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033322Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.204{E983936C-CD5C-6006-8407-00000000A301}6812simplisafe.com0::ffff:52.222.177.5;::ffff:52.222.177.14;::ffff:52.222.177.71;::ffff:52.222.177.113;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033321Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.202{E983936C-CD5C-6006-8407-00000000A301}6812noom.8utb.net034.250.147.107;52.50.29.18;54.154.228.188;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033320Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:31.202{E983936C-CD5C-6006-8407-00000000A301}6812noom.8utb.net0::ffff:54.154.228.188;::ffff:34.250.147.107;::ffff:52.50.29.18;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000033319Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:32.520{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD60-6006-8907-00000000A301}6724C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 22542200x800000000000000033327Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:34.679{E983936C-CD5C-6006-8407-00000000A301}6812int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033326Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:34.673{E983936C-CD5C-6006-8407-00000000A301}6812int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com052.72.215.55;52.72.83.219;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000033325Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:34.672{E983936C-CD5C-6006-8407-00000000A301}6812i.geistm.com0type: 5 int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com;::ffff:52.72.83.219;::ffff:52.72.215.55;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000033330Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:41.707{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033329Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:41.707{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033328Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:41.707{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033331Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:45.989{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033338Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.614{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033337Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.614{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033336Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.614{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033335Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.614{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033334Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.614{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033333Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.614{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033332Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:46.129{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033341Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:52.426{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033340Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:52.426{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033339Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:52.426{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033343Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:53.765{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033342Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:53.665{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033351Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.583{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033350Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.583{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033349Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.583{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033348Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.583{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033347Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.583{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033346Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.583{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033345Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.145{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033344Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:25:54.063{E983936C-CD5C-6006-8407-00000000A301}68128028C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000033354Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:26:06.739{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x800000000000000033353Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:26:06.739{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\194FB71A-2A2E-4F97-8266-02E138A28647\Config SourceDWORD (0x00000001) 13241300x800000000000000033352Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-SetValue2021-01-19 13:26:06.739{E983936C-B3A0-6006-2B00-00000000A301}2256C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\194FB71A-2A2E-4F97-8266-02E138A28647\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_194FB71A-2A2E-4F97-8266-02E138A28647.XML 10341000x800000000000000033358Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:15.771{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000033357Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:15.771{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000033356Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:15.692{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000033355Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:15.692{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000033360Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:16.192{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000033359Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:16.192{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-CD5F-6006-8607-00000000A301}4500C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000033368Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.869{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDFA-6006-9109-00000000A301}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033367Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.867{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033366Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.867{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033365Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.867{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033364Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.867{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033363Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.866{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDFA-6006-9109-00000000A301}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033362Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.866{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDFA-6006-9109-00000000A301}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033361Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:18.865{E983936C-DDFA-6006-9109-00000000A301}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033377Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.671{E983936C-DDFB-6006-9209-00000000A301}53647108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033376Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDFB-6006-9209-00000000A301}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033375Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033374Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033373Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033372Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033371Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DDFB-6006-9209-00000000A301}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033370Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.536{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDFB-6006-9209-00000000A301}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033369Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:19.537{E983936C-DDFB-6006-9209-00000000A301}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033396Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDFC-6006-9409-00000000A301}7548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033395Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033394Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033393Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033392Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033391Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDFC-6006-9409-00000000A301}7548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033390Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDFC-6006-9409-00000000A301}7548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033389Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.896{E983936C-DDFC-6006-9409-00000000A301}7548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033388Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.833{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000033387Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.833{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033386Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.349{E983936C-DDFC-6006-9309-00000000A301}49844384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033385Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDFC-6006-9309-00000000A301}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033384Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033383Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033382Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033381Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033380Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDFC-6006-9309-00000000A301}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033379Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.208{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDFC-6006-9309-00000000A301}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033378Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:20.209{E983936C-DDFC-6006-9309-00000000A301}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033406Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDFD-6006-9509-00000000A301}6616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033405Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033404Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033403Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033402Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033401Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDFD-6006-9509-00000000A301}6616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033400Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDFD-6006-9509-00000000A301}6616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033399Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.397{E983936C-DDFD-6006-9509-00000000A301}6616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033398Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.396{E983936C-B38F-6006-0D00-00000000A301}9926692C:\Windows\system32\svchost.exe{E983936C-CCDC-6006-3A07-00000000A301}1108C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033397Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:21.052{E983936C-DDFC-6006-9409-00000000A301}75481116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033415Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.208{E983936C-DDFE-6006-9609-00000000A301}64485760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033414Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.071{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DDFE-6006-9609-00000000A301}6448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033413Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.070{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033412Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.070{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033411Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.070{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033410Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.069{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033409Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.069{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DDFE-6006-9609-00000000A301}6448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033408Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.069{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DDFE-6006-9609-00000000A301}6448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033407Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:22.068{E983936C-DDFE-6006-9609-00000000A301}6448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033423Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE01-6006-9709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033422Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033421Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033420Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033419Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033418Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DE01-6006-9709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033417Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE01-6006-9709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033416Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:25.849{E983936C-DE01-6006-9709-00000000A301}7576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033425Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:32.536{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-D0E5-6006-0C08-00000000A301}4648C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033424Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:32.536{E983936C-CD5C-6006-8407-00000000A301}68126732C:\Program Files\Mozilla Firefox\firefox.exe{E983936C-DDC9-6006-9009-00000000A301}6048C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033431Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:41.666{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D08F-6006-FB07-00000000A301}4936C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033430Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:41.666{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D08F-6006-FB07-00000000A301}4936C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033429Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:41.664{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033428Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:41.663{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033427Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:41.663{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033426Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:41.663{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000033432Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:43.224{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yhh85cpg.default-release\SiteSecurityServiceState.txt2021-01-19 12:20:27.779 10341000x800000000000000033438Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:57.943{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033437Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:57.943{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D083-6006-F807-00000000A301}7900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033436Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:57.943{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033435Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:57.943{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033434Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:57.943{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033433Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:26:57.943{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D083-6006-F907-00000000A301}8048C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033444Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:03.553{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D08F-6006-FB07-00000000A301}4936C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15eb9|C:\Windows\System32\SHELL32.dll+b07e0|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033443Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:03.553{E983936C-CCDD-6006-4607-00000000A301}50807784C:\Windows\Explorer.EXE{E983936C-D08F-6006-FB07-00000000A301}4936C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033442Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:03.553{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033441Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:03.553{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033440Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:03.553{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033439Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:03.553{E983936C-CCDD-6006-4607-00000000A301}50805564C:\Windows\Explorer.EXE{E983936C-D08F-6006-FC07-00000000A301}4924C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000033454Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.965{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_1py4clft.gbo.ps12021-01-19 13:27:04.965 10341000x800000000000000033453Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.943{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033452Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-D08F-6006-FC07-00000000A301}49244896C:\Windows\system32\conhost.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033451Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033450Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033449Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033448Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033447Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-CCD9-6006-3007-00000000A301}36486256C:\Windows\system32\csrss.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033446Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.912{E983936C-D08F-6006-FB07-00000000A301}49364940C:\Windows\system32\cmd.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033445Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.921{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -Exec bypass -enc VwByAGkAdABlAC0ASABvAHMAdAAgACIASABlAGwAbABvACAAVwBvAHIAbABkACIAC:\Users\Administrator\ATTACKRANGE\Administrator{E983936C-CCDB-6006-3B2A-3C0000000000}0x3c2a3b2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{E983936C-D08F-6006-FB07-00000000A301}4936C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 10341000x800000000000000033458Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:05.037{E983936C-B390-6006-1600-00000000A301}15281700C:\Windows\system32\svchost.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033457Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:05.037{E983936C-B390-6006-1600-00000000A301}15281568C:\Windows\system32\svchost.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033456Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.990{E983936C-B38D-6006-0B00-00000000A301}8526568C:\Windows\system32\lsass.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033455Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:04.990{E983936C-B38D-6006-0B00-00000000A301}8526568C:\Windows\system32\lsass.exe{E983936C-DE28-6006-9809-00000000A301}5948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033466Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE36-6006-9909-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033465Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033464Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033463Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033462Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033461Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DE36-6006-9909-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033460Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE36-6006-9909-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033459Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:18.897{E983936C-DE36-6006-9909-00000000A301}5860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033475Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.709{E983936C-DE37-6006-9A09-00000000A301}79927532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033474Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.572{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE37-6006-9A09-00000000A301}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033473Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.571{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033472Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.571{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033471Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.570{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033470Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.570{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033469Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.570{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DE37-6006-9A09-00000000A301}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033468Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.570{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE37-6006-9A09-00000000A301}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033467Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:19.569{E983936C-DE37-6006-9A09-00000000A301}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033492Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE38-6006-9C09-00000000A301}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033491Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033490Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033489Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033488Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033487Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DE38-6006-9C09-00000000A301}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033486Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.912{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE38-6006-9C09-00000000A301}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033485Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.913{E983936C-DE38-6006-9C09-00000000A301}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033484Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.372{E983936C-DE38-6006-9B09-00000000A301}79843872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033483Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE38-6006-9B09-00000000A301}7984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033482Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033481Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033480Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033479Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033478Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DE38-6006-9B09-00000000A301}7984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033477Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.240{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE38-6006-9B09-00000000A301}7984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033476Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:20.241{E983936C-DE38-6006-9B09-00000000A301}7984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033502Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.740{E983936C-DE39-6006-9D09-00000000A301}59527060C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033501Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE39-6006-9D09-00000000A301}5952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033500Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033499Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033498Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033497Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033496Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DE39-6006-9D09-00000000A301}5952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033495Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE39-6006-9D09-00000000A301}5952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033494Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.600{E983936C-DE39-6006-9D09-00000000A301}5952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033493Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:21.072{E983936C-DE38-6006-9C09-00000000A301}11247708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033510Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE3A-6006-9E09-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033509Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033508Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033507Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033506Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033505Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DE3A-6006-9E09-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033504Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE3A-6006-9E09-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033503Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:22.272{E983936C-DE3A-6006-9E09-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033518Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.869{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE3D-6006-9F09-00000000A301}1548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033517Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.868{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033516Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.868{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033515Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.867{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033514Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.867{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033513Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.867{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DE3D-6006-9F09-00000000A301}1548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033512Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.867{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE3D-6006-9F09-00000000A301}1548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033511Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:25.866{E983936C-DE3D-6006-9F09-00000000A301}1548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033521Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:39.803{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B390-6006-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033520Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:39.803{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B390-6006-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033519Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:39.803{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B390-6006-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033523Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:43.757{E983936C-B38F-6006-0D00-00000000A301}9926692C:\Windows\system32\svchost.exe{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033522Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:43.757{E983936C-B38F-6006-0D00-00000000A301}9926692C:\Windows\system32\svchost.exe{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033524Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:27:57.819{E983936C-B38F-6006-0D00-00000000A301}9926692C:\Windows\system32\svchost.exe{E983936C-CFB9-6006-DF07-00000000A301}4672C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033532Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE72-6006-A009-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033531Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033530Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033529Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033528Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033527Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DE72-6006-A009-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033526Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE72-6006-A009-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033525Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:18.914{E983936C-DE72-6006-A009-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033543Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.820{E983936C-B38D-6006-0B00-00000000A301}8525052C:\Windows\system32\lsass.exe{E983936C-B38B-6006-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000033542Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.742{E983936C-DE73-6006-A109-00000000A301}49287408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033541Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE73-6006-A109-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033540Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033539Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033538Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033537Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033536Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DE73-6006-A109-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033535Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.601{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE73-6006-A109-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033534Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.602{E983936C-DE73-6006-A109-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033533Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:19.054{E983936C-DE72-6006-A009-00000000A301}51087520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033563Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.992{E983936C-DE74-6006-A309-00000000A301}79801456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033562Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.851{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000033561Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.851{E983936C-CCDD-6006-4607-00000000A301}50803468C:\Windows\Explorer.EXE{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF802132EA8D8)|UNKNOWN(FFFFB111D4834998)|UNKNOWN(FFFFB111D4834B17)|UNKNOWN(FFFFB111D482F1A1)|UNKNOWN(FFFFB111D4830B6A)|UNKNOWN(FFFFB111D482EE26)|UNKNOWN(FFFFF80213001E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033560Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE74-6006-A309-00000000A301}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033559Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033558Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033557Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033556Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033555Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B38D-6006-0500-00000000A301}636652C:\Windows\system32\csrss.exe{E983936C-DE74-6006-A309-00000000A301}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033554Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.835{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE74-6006-A309-00000000A301}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033553Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.837{E983936C-DE74-6006-A309-00000000A301}7980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033552Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.373{E983936C-DE74-6006-A209-00000000A301}41166952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033551Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE74-6006-A209-00000000A301}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033550Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033549Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033548Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033547Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033546Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DE74-6006-A209-00000000A301}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033545Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.226{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE74-6006-A209-00000000A301}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033544Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:20.227{E983936C-DE74-6006-A209-00000000A301}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033573Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.820{E983936C-B38F-6006-0D00-00000000A301}9926692C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3000-00000000A301}2668C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033572Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.820{E983936C-B38F-6006-0D00-00000000A301}9926692C:\Windows\system32\svchost.exe{E983936C-CD5C-6006-8407-00000000A301}6812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033571Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE75-6006-A409-00000000A301}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033570Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033569Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033568Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033567Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033566Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B38D-6006-0500-00000000A301}6361176C:\Windows\system32\csrss.exe{E983936C-DE75-6006-A409-00000000A301}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033565Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.492{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE75-6006-A409-00000000A301}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033564Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:21.493{E983936C-DE75-6006-A409-00000000A301}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033608Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3000-00000000A301}2668C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033607Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3000-00000000A301}2668C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033606Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033605Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033604Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033603Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033602Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033601Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033600Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033599Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEA-6006-5B07-00000000A301}5624C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033598Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033597Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033596Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCEC-6006-5C07-00000000A301}5768C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033595Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033594Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033593Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033592Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033591Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033590Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033589Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033588Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033587Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033586Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033585Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033584Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033583Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033582Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.414{E983936C-B38F-6006-0D00-00000000A301}992484C:\Windows\system32\svchost.exe{E983936C-CCDD-6006-4607-00000000A301}5080C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033581Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.167{E983936C-B439-6006-B800-00000000A301}42842884C:\Windows\system32\conhost.exe{E983936C-DE76-6006-A509-00000000A301}6052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033580Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.166{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033579Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.165{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033578Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.165{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033577Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.165{E983936C-B38F-6006-0C00-00000000A301}5926772C:\Windows\system32\svchost.exe{E983936C-B3A0-6006-3100-00000000A301}2052C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033576Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.165{E983936C-B38D-6006-0500-00000000A301}636752C:\Windows\system32\csrss.exe{E983936C-DE76-6006-A509-00000000A301}6052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000033575Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.165{E983936C-B438-6006-B400-00000000A301}44122852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{E983936C-DE76-6006-A509-00000000A301}6052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000033574Microsoft-Windows-Sysmon/Operationalwin-dc-397.attackrange.local-2021-01-19 13:28:22.164{E983936C-DE76-6006-A509-00000000A301}6052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{E983936C-B38E-6006-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{E983936C-B438-6006-B400-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service