10341000x800000000000000014443Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:07.026{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014444Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:08.042{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014445Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:09.058{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014447Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:10.886{573C7F3B-9D05-5FAA-0D00-000000008801}9882596C:\Windows\system32\svchost.exe{573C7F3B-9D83-5FAA-9300-000000008801}4892C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014446Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:10.073{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014448Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:11.089{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014449Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:12.104{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014450Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:13.120{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014451Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:14.136{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014452Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:15.151{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014453Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:16.151{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014454Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:17.167{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014455Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:18.183{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014456Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:19.198{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014457Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:20.198{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014458Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:21.214{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014459Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:22.229{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014460Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:23.229{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014461Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:24.245{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014462Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:25.261{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014463Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:26.261{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014464Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:27.276{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014465Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:28.292{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014466Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:29.308{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014467Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:30.323{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014468Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:31.339{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014469Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:32.354{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014470Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:33.370{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014479Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2DE-5FAA-8406-000000008801}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014478Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014477Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014476Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014475Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014474Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A2DE-5FAA-8406-000000008801}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014473Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2DE-5FAA-8406-000000008801}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014472Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.933{573C7F3B-A2DE-5FAA-8406-000000008801}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014471Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:34.386{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014489Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.745{573C7F3B-A2DF-5FAA-8506-000000008801}65965396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014488Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2DF-5FAA-8506-000000008801}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014487Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014486Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014485Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014484Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014483Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A2DF-5FAA-8506-000000008801}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014482Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.604{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2DF-5FAA-8506-000000008801}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014481Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.605{573C7F3B-A2DF-5FAA-8506-000000008801}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014480Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:35.401{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014498Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.417{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014497Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2E0-5FAA-8606-000000008801}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014496Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014495Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014494Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014493Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014492Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A2E0-5FAA-8606-000000008801}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014491Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.276{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2E0-5FAA-8606-000000008801}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014490Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:36.277{573C7F3B-A2E0-5FAA-8606-000000008801}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014508Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.433{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014507Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.417{573C7F3B-A2E1-5FAA-8706-000000008801}21084552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014506Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2E1-5FAA-8706-000000008801}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014505Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014504Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014503Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014502Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014501Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A2E1-5FAA-8706-000000008801}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014500Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.276{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2E1-5FAA-8706-000000008801}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014499Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:37.277{573C7F3B-A2E1-5FAA-8706-000000008801}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014526Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2E2-5FAA-8906-000000008801}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014525Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014524Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014523Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014522Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014521Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A2E2-5FAA-8906-000000008801}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014520Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.901{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2E2-5FAA-8906-000000008801}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014519Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.902{573C7F3B-A2E2-5FAA-8906-000000008801}6672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014518Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.448{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014517Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.354{573C7F3B-A2E2-5FAA-8806-000000008801}48204824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014516Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2E2-5FAA-8806-000000008801}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014515Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014514Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014513Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014512Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014511Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A2E2-5FAA-8806-000000008801}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014510Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.229{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2E2-5FAA-8806-000000008801}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014509Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:38.230{573C7F3B-A2E2-5FAA-8806-000000008801}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014536Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A2E3-5FAA-8A06-000000008801}7024C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014535Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014534Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014533Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014532Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014531Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A2E3-5FAA-8A06-000000008801}7024C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014530Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.979{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A2E3-5FAA-8A06-000000008801}7024C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014529Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.980{573C7F3B-A2E3-5FAA-8A06-000000008801}7024C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014528Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.464{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014527Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:39.042{573C7F3B-A2E2-5FAA-8906-000000008801}66724260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014566Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014565Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014564Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014563Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014562Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014561Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014560Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014559Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014558Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014557Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014556Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014555Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014554Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014553Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014552Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014551Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014550Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014549Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014548Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014547Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014546Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014545Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014544Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014543Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014542Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014541Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014540Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014539Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014538Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.995{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014537Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:40.479{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014567Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:41.495{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014568Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:42.511{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014569Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:43.526{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014570Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:44.542{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014571Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:45.558{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014572Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:46.573{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014573Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:47.589{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014574Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:48.604{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014575Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:49.620{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014576Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:50.636{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014577Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:51.651{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014578Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:52.667{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014579Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:53.683{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014580Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:54.698{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014581Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:55.714{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014582Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:56.729{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014583Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:57.745{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014584Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:58.761{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014585Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:25:59.761{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014586Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:00.776{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014587Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:01.792{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014588Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:02.808{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014589Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:03.823{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014590Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:04.839{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014591Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:05.854{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014592Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:06.870{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014593Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:07.886{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014594Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:08.901{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014595Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:09.917{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014596Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:10.932{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014597Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:11.948{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014598Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:12.964{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014599Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:13.979{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014600Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:14.995{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014601Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:16.011{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014602Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:17.026{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014603Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:18.042{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014604Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:19.058{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014605Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:20.073{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014606Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:21.089{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014607Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:22.104{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014608Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:23.120{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014609Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:24.136{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014610Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:25.151{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014611Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:26.167{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014612Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:27.183{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014613Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:28.198{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014614Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:29.214{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014615Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:30.229{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014616Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:31.245{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014617Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:32.261{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014618Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:33.276{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014627Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31A-5FAA-8B06-000000008801}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014626Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014625Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014624Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014623Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9D05-5FAA-0C00-000000008801}592644C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014622Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A31A-5FAA-8B06-000000008801}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014621Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.839{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31A-5FAA-8B06-000000008801}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014620Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.840{573C7F3B-A31A-5FAA-8B06-000000008801}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014619Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:34.276{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014637Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.636{573C7F3B-A31B-5FAA-8C06-000000008801}56446712C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014636Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31B-5FAA-8C06-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014635Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014634Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014633Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014632Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014631Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A31B-5FAA-8C06-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014630Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31B-5FAA-8C06-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014629Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.511{573C7F3B-A31B-5FAA-8C06-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014628Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:35.292{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014646Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.307{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014645Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31C-5FAA-8D06-000000008801}6664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014644Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014643Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014642Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014641Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014640Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A31C-5FAA-8D06-000000008801}6664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014639Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.182{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31C-5FAA-8D06-000000008801}6664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014638Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:36.183{573C7F3B-A31C-5FAA-8D06-000000008801}6664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014656Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.433{573C7F3B-A31D-5FAA-8E06-000000008801}15924044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014655Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.323{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014654Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31D-5FAA-8E06-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014653Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014652Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014651Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014650Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014649Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A31D-5FAA-8E06-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014648Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.292{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31D-5FAA-8E06-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014647Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:37.293{573C7F3B-A31D-5FAA-8E06-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014675Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.917{573C7F3B-A31E-5FAA-9006-000000008801}52126752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014674Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31E-5FAA-9006-000000008801}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014673Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014672Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014671Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014670Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014669Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A31E-5FAA-9006-000000008801}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014668Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.776{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31E-5FAA-9006-000000008801}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014667Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.778{573C7F3B-A31E-5FAA-9006-000000008801}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014666Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.370{573C7F3B-A31E-5FAA-8F06-000000008801}20726968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014665Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.339{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014664Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31E-5FAA-8F06-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014663Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014662Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014661Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014660Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014659Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A31E-5FAA-8F06-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014658Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.229{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31E-5FAA-8F06-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014657Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:38.230{573C7F3B-A31E-5FAA-8F06-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014684Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A31F-5FAA-9106-000000008801}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014683Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014682Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014681Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014680Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014679Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A31F-5FAA-9106-000000008801}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014678Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.917{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A31F-5FAA-9106-000000008801}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014677Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.918{573C7F3B-A31F-5FAA-9106-000000008801}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014676Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:39.354{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014685Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:40.370{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014686Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:41.386{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014687Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:42.401{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014688Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:43.417{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014689Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:44.432{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014690Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:45.448{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014691Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:46.464{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014692Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:47.479{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014693Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:48.495{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014694Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:49.511{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014695Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:50.526{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014696Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:51.542{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014716Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.557{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014715Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.136{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\system32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+2e43b|C:\Windows\System32\RPCRT4.dll+6213a|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014714Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D05-5FAA-0F00-000000008801}11281912C:\Windows\system32\svchost.exe{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\system32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014713Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D05-5FAA-0F00-000000008801}11281612C:\Windows\system32\svchost.exe{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\system32\cscript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014712Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9DA9-5FAA-BE00-000000008801}67206736C:\Windows\system32\conhost.exe{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\system32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014711Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014710Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014709Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014708Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D81-5FAA-8900-000000008801}18364676C:\Windows\system32\csrss.exe{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\system32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014707Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014706Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-A32C-5FAA-9206-000000008801}66282928C:\Windows\system32\cmd.exe{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\system32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014705Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.120{573C7F3B-A32C-5FAA-9306-000000008801}4028C:\Windows\System32\cscript.exe5.812.10240.16384Microsoft ® Console Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationcscript.execscript.exe /BC:\Windows\system32\ATTACKRANGE\Administrator{573C7F3B-9D82-5FAA-B2E8-050000000000}0x5e8b22HighMD5=8552F94CFD39A4C307BCD1BD88D41604,SHA256=6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE,IMPHASH=77838A7D26CC1C7050C41CF6165BAD0E{573C7F3B-A32C-5FAA-9206-000000008801}6628C:\Windows\System32\cmd.execmd.exe /c cscript.exe /B 10341000x800000000000000014704Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9DA9-5FAA-BE00-000000008801}67206736C:\Windows\system32\conhost.exe{573C7F3B-A32C-5FAA-9206-000000008801}6628C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014703Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014702Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014701Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014700Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014699Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9D81-5FAA-8900-000000008801}18364676C:\Windows\system32\csrss.exe{573C7F3B-A32C-5FAA-9206-000000008801}6628C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014698Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.104{573C7F3B-9DA9-5FAA-BD00-000000008801}67846780C:\Windows\System32\cmd.exe{573C7F3B-A32C-5FAA-9206-000000008801}6628C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+1ace3|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014697Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:52.110{573C7F3B-A32C-5FAA-9206-000000008801}6628C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c cscript.exe /BC:\Windows\system32\ATTACKRANGE\Administrator{573C7F3B-9D82-5FAA-B2E8-050000000000}0x5e8b22HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{573C7F3B-9DA9-5FAA-BD00-000000008801}6784C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" 10341000x800000000000000014717Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:53.573{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014718Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:54.589{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014719Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:55.604{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014720Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:56.620{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014721Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:57.636{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014722Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:58.651{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014723Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:26:59.667{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014724Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:00.682{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014725Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:01.698{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014726Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:02.714{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014727Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:03.729{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014728Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:04.745{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014729Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:05.761{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014730Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:06.776{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014731Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:07.792{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014732Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:08.807{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014733Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:09.823{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014734Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:10.839{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014735Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:11.854{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014736Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:12.870{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014737Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:13.885{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014738Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:14.901{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014739Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:15.917{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014740Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:16.932{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014760Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.932{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014759Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\system32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+2e43b|C:\Windows\System32\RPCRT4.dll+6213a|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014758Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0F00-000000008801}11281912C:\Windows\system32\svchost.exe{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\system32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014757Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0F00-000000008801}11281612C:\Windows\system32\svchost.exe{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\system32\cscript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014756Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9DA9-5FAA-BE00-000000008801}67206736C:\Windows\system32\conhost.exe{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\system32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014755Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014754Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014753Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014752Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014751Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D81-5FAA-8900-000000008801}1836732C:\Windows\system32\csrss.exe{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\system32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014750Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-A345-5FAA-9406-000000008801}7044208C:\Windows\system32\cmd.exe{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\system32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014749Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.703{573C7F3B-A345-5FAA-9506-000000008801}7088C:\Windows\System32\cscript.exe5.812.10240.16384Microsoft ® Console Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationcscript.execscript.exe /BC:\Windows\system32\ATTACKRANGE\Administrator{573C7F3B-9D82-5FAA-B2E8-050000000000}0x5e8b22HighMD5=8552F94CFD39A4C307BCD1BD88D41604,SHA256=6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE,IMPHASH=77838A7D26CC1C7050C41CF6165BAD0E{573C7F3B-A345-5FAA-9406-000000008801}7044C:\Windows\System32\cmd.execmd.exe /c cscript.exe /B 10341000x800000000000000014748Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9DA9-5FAA-BE00-000000008801}67206736C:\Windows\system32\conhost.exe{573C7F3B-A345-5FAA-9406-000000008801}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014747Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014746Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.698{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014745Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.682{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014744Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.682{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014743Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.682{573C7F3B-9D81-5FAA-8900-000000008801}1836732C:\Windows\system32\csrss.exe{573C7F3B-A345-5FAA-9406-000000008801}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014742Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.682{573C7F3B-9DA9-5FAA-BD00-000000008801}67846780C:\Windows\System32\cmd.exe{573C7F3B-A345-5FAA-9406-000000008801}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+1ace3|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014741Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:17.696{573C7F3B-A345-5FAA-9406-000000008801}7044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c cscript.exe /BC:\Windows\system32\ATTACKRANGE\Administrator{573C7F3B-9D82-5FAA-B2E8-050000000000}0x5e8b22HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{573C7F3B-9DA9-5FAA-BD00-000000008801}6784C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" 10341000x800000000000000014761Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:18.948{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014762Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:19.964{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014763Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:20.979{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014764Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:21.995{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014765Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:23.010{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014766Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:24.026{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014767Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:25.042{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014768Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:26.057{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014769Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:27.073{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014770Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:28.088{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014771Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:29.104{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014772Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:30.120{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014773Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:31.135{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014774Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:32.135{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014775Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:33.151{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014784Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A356-5FAA-9606-000000008801}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014783Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014782Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014781Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014780Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014779Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A356-5FAA-9606-000000008801}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014778Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.729{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A356-5FAA-9606-000000008801}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014777Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.730{573C7F3B-A356-5FAA-9606-000000008801}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014776Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:34.167{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014794Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.542{573C7F3B-A357-5FAA-9706-000000008801}54286092C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014793Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A357-5FAA-9706-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014792Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014791Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014790Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014789Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014788Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A357-5FAA-9706-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014787Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.401{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A357-5FAA-9706-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014786Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.402{573C7F3B-A357-5FAA-9706-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014785Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:35.182{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014803Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.198{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014802Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A358-5FAA-9806-000000008801}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014801Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014800Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014799Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014798Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014797Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A358-5FAA-9806-000000008801}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014796Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.073{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A358-5FAA-9806-000000008801}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014795Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:36.074{573C7F3B-A358-5FAA-9806-000000008801}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014813Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.463{573C7F3B-A359-5FAA-9906-000000008801}31926472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014812Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A359-5FAA-9906-000000008801}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014811Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014810Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014809Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014808Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014807Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A359-5FAA-9906-000000008801}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014806Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.323{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A359-5FAA-9906-000000008801}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014805Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.324{573C7F3B-A359-5FAA-9906-000000008801}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014804Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:37.198{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014831Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A35A-5FAA-9B06-000000008801}6476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014830Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014829Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014828Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014827Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014826Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A35A-5FAA-9B06-000000008801}6476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014825Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.932{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A35A-5FAA-9B06-000000008801}6476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014824Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.933{573C7F3B-A35A-5FAA-9B06-000000008801}6476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014823Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.401{573C7F3B-A35A-5FAA-9A06-000000008801}27441268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014822Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A35A-5FAA-9A06-000000008801}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014821Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014820Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014819Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014818Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014817Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A35A-5FAA-9A06-000000008801}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014816Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.260{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A35A-5FAA-9A06-000000008801}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014815Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.261{573C7F3B-A35A-5FAA-9A06-000000008801}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014814Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:38.213{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014841Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A35B-5FAA-9C06-000000008801}1148C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014840Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014839Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014838Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014837Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014836Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A35B-5FAA-9C06-000000008801}1148C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014835Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.932{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A35B-5FAA-9C06-000000008801}1148C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014834Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.933{573C7F3B-A35B-5FAA-9C06-000000008801}1148C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014833Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.229{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014832Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:39.073{573C7F3B-A35A-5FAA-9B06-000000008801}64764248C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014842Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:40.245{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014843Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:41.260{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014873Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.276{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014872Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014871Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014870Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014869Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014868Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014867Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014866Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014865Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014864Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014863Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014862Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014861Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014860Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014859Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014858Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014857Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014856Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014855Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014854Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014853Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014852Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014851Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014850Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014849Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014848Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014847Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014846Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014845Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014844Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:42.010{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014874Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:43.292{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014875Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:44.307{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014877Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:45.323{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014876Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:45.073{573C7F3B-9D03-5FAA-0B00-000000008801}8564972C:\Windows\system32\lsass.exe{573C7F3B-9D02-5FAA-0100-000000008801}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000014878Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:46.338{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014879Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:47.338{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014880Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:48.338{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014881Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:49.354{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014882Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:50.354{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014883Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:51.370{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014884Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:52.370{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014885Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:53.385{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014886Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:54.401{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014887Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:55.416{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014891Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:56.432{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014890Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:56.010{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D05-5FAA-1600-000000008801}1572C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014889Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:56.010{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D05-5FAA-1600-000000008801}1572C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014888Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:56.010{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D05-5FAA-1600-000000008801}1572C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014892Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:57.448{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014893Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:58.448{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014894Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:27:59.463{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014895Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:00.463{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014896Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:01.479{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014897Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:02.495{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014898Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:03.510{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014899Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:04.510{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014900Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:05.526{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014901Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:06.526{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014902Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:07.541{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014903Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:08.557{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014904Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:09.573{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014905Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:10.573{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014906Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:11.588{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014907Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:12.588{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014908Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:13.604{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014909Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:14.619{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014910Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:15.619{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014911Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:16.619{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014912Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:17.635{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014913Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:18.635{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014914Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:19.651{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014915Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:20.651{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014916Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:21.666{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014917Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:22.682{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014918Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:23.698{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014919Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:24.713{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014920Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:25.729{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014921Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:26.729{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014922Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:27.744{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014923Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:28.744{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014924Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:29.760{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014925Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:30.760{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014926Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:31.776{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014927Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:32.791{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014928Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:33.807{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014937Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.822{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014936Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A392-5FAA-9D06-000000008801}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014935Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014934Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014933Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014932Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014931Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A392-5FAA-9D06-000000008801}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014930Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.744{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A392-5FAA-9D06-000000008801}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014929Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:34.745{573C7F3B-A392-5FAA-9D06-000000008801}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014947Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.822{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014946Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.494{573C7F3B-A393-5FAA-9E06-000000008801}60485648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014945Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A393-5FAA-9E06-000000008801}6048C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014944Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014943Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014942Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014941Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014940Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A393-5FAA-9E06-000000008801}6048C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014939Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.354{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A393-5FAA-9E06-000000008801}6048C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014938Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:35.355{573C7F3B-A393-5FAA-9E06-000000008801}6048C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014956Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.838{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014955Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A394-5FAA-9F06-000000008801}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014954Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014953Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014952Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014951Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014950Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A394-5FAA-9F06-000000008801}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014949Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A394-5FAA-9F06-000000008801}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014948Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:36.026{573C7F3B-A394-5FAA-9F06-000000008801}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014966Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.854{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014965Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.479{573C7F3B-A395-5FAA-A006-000000008801}60964188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014964Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A395-5FAA-A006-000000008801}6096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014963Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014962Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014961Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014960Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014959Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A395-5FAA-A006-000000008801}6096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014958Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.338{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A395-5FAA-A006-000000008801}6096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014957Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:37.339{573C7F3B-A395-5FAA-A006-000000008801}6096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014985Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.963{573C7F3B-A396-5FAA-A206-000000008801}49126624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014984Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.869{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014983Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A396-5FAA-A206-000000008801}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014982Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014981Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014980Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014979Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014978Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A396-5FAA-A206-000000008801}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014977Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.822{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A396-5FAA-A206-000000008801}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014976Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.823{573C7F3B-A396-5FAA-A206-000000008801}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014975Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.291{573C7F3B-A396-5FAA-A106-000000008801}2164260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014974Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A396-5FAA-A106-000000008801}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014973Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014972Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014971Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014970Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014969Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A396-5FAA-A106-000000008801}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014968Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.151{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A396-5FAA-A106-000000008801}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014967Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:38.152{573C7F3B-A396-5FAA-A106-000000008801}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014994Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A397-5FAA-A306-000000008801}5176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014993Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014992Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014991Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014990Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014989Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A397-5FAA-A306-000000008801}5176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014988Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.947{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A397-5FAA-A306-000000008801}5176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014987Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.948{573C7F3B-A397-5FAA-A306-000000008801}5176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014986Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:39.869{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014995Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:40.885{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014996Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:41.900{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014997Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:42.900{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014998Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:43.916{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000014999Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:44.932{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015000Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:45.947{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015001Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:46.963{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015002Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:47.979{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015003Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:48.994{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015004Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:50.010{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015005Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:51.025{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015006Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:52.041{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015007Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:53.057{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015008Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:54.072{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015009Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:55.088{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015010Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:56.104{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015011Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:57.119{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015012Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:58.135{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015013Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:28:59.150{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015014Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:00.166{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015015Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:01.182{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015016Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:02.197{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015017Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:03.213{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015018Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:04.228{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015019Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:05.244{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015020Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:06.260{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015021Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:07.260{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015022Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:08.275{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015023Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:09.291{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015024Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:10.307{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015025Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:11.322{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015026Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:12.338{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015027Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:13.353{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015028Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:14.369{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015029Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:15.385{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015030Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:16.400{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015031Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:17.416{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015032Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:18.431{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015033Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:19.447{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015034Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:20.463{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015035Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:21.478{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015036Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:22.494{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015037Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:23.510{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015038Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:24.510{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015039Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:25.525{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015040Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:26.541{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015041Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:27.556{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015042Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:28.572{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015043Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:29.588{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015044Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:30.603{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015045Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:31.619{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015046Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:32.635{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015047Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:33.650{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015056Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3CE-5FAA-A406-000000008801}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015055Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015054Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015053Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015052Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015051Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A3CE-5FAA-A406-000000008801}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015050Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.744{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3CE-5FAA-A406-000000008801}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015049Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.745{573C7F3B-A3CE-5FAA-A406-000000008801}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015048Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:34.666{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015066Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.681{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015065Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.509{573C7F3B-A3CF-5FAA-A506-000000008801}56445180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015064Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3CF-5FAA-A506-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015063Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015062Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015061Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015060Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015059Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A3CF-5FAA-A506-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015058Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3CF-5FAA-A506-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015057Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:35.369{573C7F3B-A3CF-5FAA-A506-000000008801}5644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015075Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.697{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015074Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3D0-5FAA-A606-000000008801}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015073Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015072Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015071Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015070Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015069Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A3D0-5FAA-A606-000000008801}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015068Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.009{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3D0-5FAA-A606-000000008801}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015067Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:36.011{573C7F3B-A3D0-5FAA-A606-000000008801}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015085Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.713{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015084Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.478{573C7F3B-A3D1-5FAA-A706-000000008801}15926724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015083Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3D1-5FAA-A706-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015082Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015081Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015080Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015079Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015078Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A3D1-5FAA-A706-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015077Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3D1-5FAA-A706-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015076Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:37.338{573C7F3B-A3D1-5FAA-A706-000000008801}1592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015104Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.947{573C7F3B-A3D2-5FAA-A906-000000008801}66086640C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015103Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3D2-5FAA-A906-000000008801}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015102Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015101Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015100Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015099Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015098Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A3D2-5FAA-A906-000000008801}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015097Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.806{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3D2-5FAA-A906-000000008801}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015096Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.808{573C7F3B-A3D2-5FAA-A906-000000008801}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015095Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.728{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015094Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.306{573C7F3B-A3D2-5FAA-A806-000000008801}20726956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015093Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3D2-5FAA-A806-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015092Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015091Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015090Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015089Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015088Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A3D2-5FAA-A806-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015087Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.166{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3D2-5FAA-A806-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015086Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:38.167{573C7F3B-A3D2-5FAA-A806-000000008801}2072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015113Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A3D3-5FAA-AA06-000000008801}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015112Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015111Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015110Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015109Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015108Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A3D3-5FAA-AA06-000000008801}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015107Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.947{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A3D3-5FAA-AA06-000000008801}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015106Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.948{573C7F3B-A3D3-5FAA-AA06-000000008801}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015105Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:39.744{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015114Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:40.759{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015115Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:41.775{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015116Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:42.791{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015146Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.806{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015145Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015144Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015143Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015142Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015141Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015140Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015139Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015138Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015137Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015136Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015135Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015134Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015133Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015132Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D84-5FAA-9900-000000008801}3288C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015131Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015130Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015129Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015128Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015127Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015126Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015125Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D96-5FAA-AE00-000000008801}5948C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015124Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015123Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015122Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015121Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015120Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015119Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015118Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015117Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:43.025{573C7F3B-9D05-5FAA-0D00-000000008801}988636C:\Windows\system32\svchost.exe{573C7F3B-9D95-5FAA-AC00-000000008801}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015147Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:44.822{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015148Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:45.838{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015149Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:46.853{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015150Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:47.869{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015151Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:48.884{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015152Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:49.900{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015153Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:50.916{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015154Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:51.931{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015155Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:52.947{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015156Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:53.947{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015157Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:54.962{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015158Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:55.978{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015159Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:56.994{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015160Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:58.009{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015161Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:29:59.025{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015162Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:00.041{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015163Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:01.056{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015164Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:02.072{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015165Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:03.087{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015166Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:04.103{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015167Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:05.119{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015168Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:06.134{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015169Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:07.150{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015170Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:08.166{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015171Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:09.181{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015172Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:10.197{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015173Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:11.212{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015174Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:12.228{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015175Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:13.244{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015176Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:14.259{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015177Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:15.275{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015178Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:16.290{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015179Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:17.306{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015180Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:18.322{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015181Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:19.337{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015182Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:20.353{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015183Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:21.369{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015184Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:22.384{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015185Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:23.400{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015186Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:24.415{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015187Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:25.431{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015188Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:26.447{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015189Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:27.462{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015190Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:28.478{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015191Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:29.494{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015192Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:30.509{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015193Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:31.529{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015194Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:32.545{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015195Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:33.545{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015204Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40A-5FAA-AB06-000000008801}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015203Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015202Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015201Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015200Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015199Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A40A-5FAA-AB06-000000008801}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015198Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.748{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40A-5FAA-AB06-000000008801}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015197Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.749{573C7F3B-A40A-5FAA-AB06-000000008801}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015196Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:34.561{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015214Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.576{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015213Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.514{573C7F3B-A40B-5FAA-AC06-000000008801}54286160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015212Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40B-5FAA-AC06-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015211Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015210Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015209Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015208Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015207Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9D03-5FAA-0500-000000008801}640656C:\Windows\system32\csrss.exe{573C7F3B-A40B-5FAA-AC06-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015206Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.373{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40B-5FAA-AC06-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015205Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.374{573C7F3B-A40B-5FAA-AC06-000000008801}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015224Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:36.592{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015223Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:36.155{573C7F3B-9D03-5FAA-0B00-000000008801}8564972C:\Windows\system32\lsass.exe{573C7F3B-9D02-5FAA-0100-000000008801}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000015222Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40C-5FAA-AD06-000000008801}628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015221Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015220Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015219Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015218Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015217Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A40C-5FAA-AD06-000000008801}628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015216Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:35.998{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40C-5FAA-AD06-000000008801}628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015215Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:36.000{573C7F3B-A40C-5FAA-AD06-000000008801}628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015236Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.780{573C7F3B-9D05-5FAA-0F00-000000008801}11286728C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-2F00-000000008801}2524C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015235Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.780{573C7F3B-9D05-5FAA-0F00-000000008801}11286728C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-2F00-000000008801}2524C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015234Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.608{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015233Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.373{573C7F3B-A40D-5FAA-AE06-000000008801}2772944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015232Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40D-5FAA-AE06-000000008801}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015231Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015230Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015229Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015228Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015227Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9D03-5FAA-0500-000000008801}6401152C:\Windows\system32\csrss.exe{573C7F3B-A40D-5FAA-AE06-000000008801}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015226Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40D-5FAA-AE06-000000008801}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015225Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:37.233{573C7F3B-A40D-5FAA-AE06-000000008801}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015255Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.967{573C7F3B-A40E-5FAA-B006-000000008801}48882372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015254Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40E-5FAA-B006-000000008801}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015253Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015252Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015251Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015250Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015249Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A40E-5FAA-B006-000000008801}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015248Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.826{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40E-5FAA-B006-000000008801}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015247Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.827{573C7F3B-A40E-5FAA-B006-000000008801}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015246Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.623{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015245Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.295{573C7F3B-A40E-5FAA-AF06-000000008801}70041148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015244Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40E-5FAA-AF06-000000008801}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015243Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015242Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015241Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015240Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015239Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9D03-5FAA-0500-000000008801}640788C:\Windows\system32\csrss.exe{573C7F3B-A40E-5FAA-AF06-000000008801}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015238Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.170{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40E-5FAA-AF06-000000008801}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015237Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:38.171{573C7F3B-A40E-5FAA-AF06-000000008801}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015264Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9DAD-5FAA-D900-000000008801}39526876C:\Windows\system32\conhost.exe{573C7F3B-A40F-5FAA-B106-000000008801}3296C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015263Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015262Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015261Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015260Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9D05-5FAA-0C00-000000008801}592844C:\Windows\system32\svchost.exe{573C7F3B-9D15-5FAA-3100-000000008801}2488C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015259Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9D03-5FAA-0500-000000008801}6402408C:\Windows\system32\csrss.exe{573C7F3B-A40F-5FAA-B106-000000008801}3296C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015258Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-9DAD-5FAA-D500-000000008801}49963864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{573C7F3B-A40F-5FAA-B106-000000008801}3296C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000015257Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.967{573C7F3B-A40F-5FAA-B106-000000008801}3296C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{573C7F3B-9D03-5FAA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{573C7F3B-9DAD-5FAA-D500-000000008801}4996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015256Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.639{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015266Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:40.654{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015265Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:39.998{573C7F3B-9D03-5FAA-0B00-000000008801}8564972C:\Windows\system32\lsass.exe{573C7F3B-9D05-5FAA-1400-000000008801}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78603|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+610fc|C:\Windows\System32\RPCRT4.dll+52734|C:\Windows\System32\RPCRT4.dll+5164d|C:\Windows\System32\RPCRT4.dll+51efb|C:\Windows\System32\RPCRT4.dll+2552c|C:\Windows\System32\RPCRT4.dll+259ac|C:\Windows\System32\RPCRT4.dll+1122c|C:\Windows\System32\RPCRT4.dll+12a8b|C:\Windows\System32\RPCRT4.dll+1efba|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000015267Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:41.670{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015268Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:42.686{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015269Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:43.701{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015270Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:44.717{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015271Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:45.733{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015272Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:46.748{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015273Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:47.764{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015274Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:48.779{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015275Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:49.795{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015276Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:50.811{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015277Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:51.826{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015278Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:52.842{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015279Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:53.857{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015280Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:54.873{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015281Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:55.889{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015282Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:56.904{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015283Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:57.920{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015284Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:58.935{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015285Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:30:59.951{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015286Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:00.967{573C7F3B-9D15-5FAA-2D00-000000008801}21723596C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015287Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:01.982{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015288Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:02.998{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015289Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:04.014{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015290Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:05.029{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015291Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:06.045{573C7F3B-9D15-5FAA-2D00-000000008801}21723612C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015292Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:07.060{573C7F3B-9D15-5FAA-2D00-000000008801}21723616C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015293Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:08.076{573C7F3B-9D15-5FAA-2D00-000000008801}21723608C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015294Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:09.092{573C7F3B-9D15-5FAA-2D00-000000008801}21723600C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000015295Microsoft-Windows-Sysmon/Operationalwin-dc-748.attackrange.local-2020-11-10 14:31:10.092{573C7F3B-9D15-5FAA-2D00-000000008801}21723604C:\Program Files (x86)\nxlog\nxlog.exe{573C7F3B-9D0B-5FAA-2500-000000008801}3036C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Program Files (x86)\nxlog\libapr-1-0.dll+207a0(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+139e(wow64)|C:\Program Files (x86)\nxlog\modules\extension\xm_exec.dll+1512(wow64)|C:\Program Files (x86)\nxlog\libnx-0.dll+d5e9(wow64)|C:\Program Files (x86)\nxlog\nxlog.exe+6d5c|C:\Program Files (x86)\nxlog\nxlog.exe+530b|C:\Program Files (x86)\nxlog\libapr-1-0.dll+20c1e(wow64)|C:\Windows\System32\msvcrt.dll+67326(wow64)|C:\Windows\System32\msvcrt.dll+673f1(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64)