23542300x800000000000000045325Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:51.473{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=234E7960897DE84444F76369D7E43108,SHA256=8CAF853DFF9EAF5244831768CA5EA0B2B84CD640D4533DCCBB8A5AC17CCFD651,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025483Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:51.045{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB5AE3C954CED52E432B122D7F56DF04,SHA256=9AF3E04B89AC4D7A2EC137FD6F85FBAE1577AF8D8B1D503523696A21D55C732C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045324Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:51.095{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=28178D03A7FD07A2D5FEFD42A5217354,SHA256=FF40020F56F785DD02779BDCA5394EC31F44C8DCAA6E41CDC5BAA4F4850EB503,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045323Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:51.026{80A11F3A-A080-6124-A400-00000000F001}3688NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2B640B14B078BDE477642A1B0343AB94,SHA256=3B2B580B4DB9BC146C26A020DCDFF562BBB4C06910A12B38AD6DA5D62A770671,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025484Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:52.185{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B980D731ECE29440577120F07602147,SHA256=4E6403569FD9A4481C8DC6E87295E9B6513E3D6B47B6EC8C85D1924850092B39,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045328Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:49.100{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52203-false10.0.1.12-8000-
354300x800000000000000045327Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:48.921{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52202-false10.0.1.12-8089-
23542300x800000000000000045326Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:52.491{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4191761ACA6369DE90327DA9F4A2375F,SHA256=D775DA78546A5532DD9CC96612208B84948DA2A75E2C216340788D5B5BB7D71A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045329Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:53.510{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=827D195636FF9942B5D7D2433DAEC0EE,SHA256=4122AA554833EB5FF73987DA8CD79B82288E053F4C8EA895A8164C59270F0946,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025489Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:50.761{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50923-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025488Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:53.404{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99BF1F7E2BD15866965CE3124AB7059A,SHA256=26916604DE711FA15086B2EC954CAAB4E036F5154C7283686DF919124A9E0DA1,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025487Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:53.263{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CD-6124-1300-00000000F101}796C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025486Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:53.263{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CD-6124-1300-00000000F101}796C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025485Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:53.263{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CD-6124-1300-00000000F101}796C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025490Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:54.420{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF95DC38FE25723A4A1ED7074B9BFC05,SHA256=773877A6BEEB355192E4F21C643552990EAF8BB8E703429B716779EC050CDFB3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045330Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:54.525{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=004E4A341ED22BD9D314E41B516A5BA9,SHA256=562CACE6FBB7A408F198F5958B2223F127B4B345936E9585D3FBBBDFFF3D85B8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025491Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:55.654{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEF80174278285DD763C2545E89E2D68,SHA256=9DA46E45C159F01A7A2554C12610E1A9C7963D641165E952FAF1F3139A10F02B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045331Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:55.540{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39AC265297D5CD3352A40B39742EE0DC,SHA256=3689F77D1158B06242FB3E0072EB7470471AFDA49E52E0977B44FE82447DF523,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025492Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:56.888{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AF3EE57B6DD5FB87564DE3F187150FC,SHA256=ACC5625A2C7695C41F90F45C29ECF33FD3181D03C8FF87F12CA3424CA6C8A797,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045339Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41601456C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1609-00000000F001}4404C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045338Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41601456C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1609-00000000F001}4404C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045337Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41601456C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1609-00000000F001}4404C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045336Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41605936C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1709-00000000F001}7004C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045335Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41605936C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1709-00000000F001}7004C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045334Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41605936C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1709-00000000F001}7004C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045333Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.855{80A11F3A-A44E-6124-D004-00000000F001}41605936C:\Windows\Explorer.EXE{80A11F3A-B9A5-6124-1709-00000000F001}7004C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045332Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:56.589{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A94A2113CDF516A19C7DB42A99A499AC,SHA256=AD81CCE81224FE89BCA0E7F07C862947620E53972B47C7C6065DF87CDC5DCF20,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025493Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:57.935{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9A453D991CFDF36E69254AE657BE80D,SHA256=4388DEE9FEB333E8707E33A95A05FC3E7F9792E25730201F2A07D215C6A54106,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045340Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:57.607{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B46C57749434C85C6A4E0E23E3E2BB5,SHA256=384A43559C89400FE9AE99F05A2F30165B3DB3D6B7CBE994C9990340552E3D45,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045341Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:58.623{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BEA7C0D3D055C839B402C2A14212510,SHA256=7F50E6957E92C86967684EEB119B94274B01D9C676E4667E5B9C6A2B82B1D0B5,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025494Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:56.746{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50924-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000045343Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:59.637{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28329024FAD6C97DF201A07C63F15381,SHA256=2A5C8860EFE88069FF4BDDB6FBF57C421B3DDB35D37EBBDEFB4B13A8C4AFE46C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025495Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:19:59.170{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B23771DDB657F135C490BA26D8ADB446,SHA256=2DC7BCC83755056EF246CB43B7A9FB99B40790178D33B1A34937DFC2EBBE291B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045342Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:19:55.049{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52204-false10.0.1.12-8000-
23542300x800000000000000025496Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:00.404{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AAD5BC6B548BAB119B9A3FB4897ED1D,SHA256=0FA8BD04990254B25C858E1365B55DA6E637E910800E39177BA4ED7E8F1EDDBB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045352Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.706{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AECF0FE1C2BA61DFE7C2E7FD9328490A,SHA256=0455C3223EBCB3A028DCE8E3B6A42A97D2D7D1A2CB9C31AB938E3D3CDFFB6A9B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045351Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-B9A5-6124-1709-00000000F001}70045548C:\Windows\system32\conhost.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045350Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045349Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045348Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045347Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045346Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-A44A-6124-B604-00000000F001}27884036C:\Windows\system32\csrss.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045345Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.537{80A11F3A-B9A5-6124-1609-00000000F001}44045216C:\Windows\system32\cmd.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045344Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:00.536{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershellC:\Temp\ATTACKRANGE\Administrator{80A11F3A-A44C-6124-23D7-2F0000000000}0x2fd7232HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{80A11F3A-B9A5-6124-1609-00000000F001}4404C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"
17141700x800000000000000045360Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-CreatePipe2021-08-24 09:20:01.972{80A11F3A-B9C0-6124-1809-00000000F001}1796\PSHost.132742704005364625.1796.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
23542300x800000000000000045359Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.925{80A11F3A-B9C0-6124-1809-00000000F001}1796ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_3ydmc2ml.uxo.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045358Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.925{80A11F3A-B9C0-6124-1809-00000000F001}1796ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_gqdlpmkr.hsq.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045357Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.757{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23120C030D5E2ECBE86B953FDD3834B3,SHA256=150E4C8F027CC11B53D85FE2566F2D806F45EF6554E154A407BAFE18EE61A63D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025497Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:01.404{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5013970C6150912FB6C5C8F65A0548A1,SHA256=A0D7DE9404708F7606E1B5D3E657B7C6197D591CFF343BEF835790929BF0E98D,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000045356Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.639{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_gqdlpmkr.hsq.ps12021-08-24 09:20:01.639
10341000x800000000000000045355Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.614{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045354Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.527{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C82AB87BEE153B176860E32796E221CA,SHA256=B707E4B33F2A8C501A4704FC2E572F3327B1B9FBDEB667CAC077BA0EC404B8C5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045353Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.526{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37AF03B05C8D43ABB3CA82A02A7F1D3C,SHA256=D3F99EB38DBD4BE3F5B6DBF1A8A51846CA96272D9C52570922A21110899BECFA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045366Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:02.765{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE544B4A683B450821CBD5214E3F9993,SHA256=9CA641E5EFCBE4EF00E9C0163E18281D4BB9F95AC2EF4EBD4FBB42BBCDED9D30,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025498Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:02.404{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AB08984C59DC29CEF3C8E0B9D0B2CF9,SHA256=EC35A4FA1B76AB81918A6F0DAAF669FC74FA3FFA53FF71C21FA27F801E66E0A8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045365Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:02.633{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=929BB6C52140CC41F8211E78956555B3,SHA256=D058E0B74305152002A743ED87CB68A4E7F7E461C97B4B73D5ED8A06B51979B0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045364Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:02.175{80A11F3A-9FFD-6124-1600-00000000F001}12961924C:\Windows\system32\svchost.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045363Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:02.175{80A11F3A-9FFD-6124-1600-00000000F001}12961344C:\Windows\system32\svchost.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045362Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:02.159{80A11F3A-9FFB-6124-0B00-00000000F001}6323560C:\Windows\system32\lsass.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045361Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:02.159{80A11F3A-9FFB-6124-0B00-00000000F001}6323560C:\Windows\system32\lsass.exe{80A11F3A-B9C0-6124-1809-00000000F001}1796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045367Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:03.779{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E71F2B9849355B7EF75D922388DF05B7,SHA256=2DCAB6D6CF0AFDCDAE55B48F87A4C434649AFDF34EE61EE8C8CBD8DE133179D8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025509Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:03.404{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C69DE48CFF5E3AA112650E0D5E75257F,SHA256=5D0800A7F77F547F00A2D5D36DD884A1844E5D2B0D56EBDB25C0430F7AF8B030,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000025508Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000025507Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x005da719)
13241300x800000000000000025506Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d798c0-0xd69b00dd)
13241300x800000000000000025505Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d798c9-0x385f68dd)
13241300x800000000000000025504Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d798d1-0x9a23d0dd)
13241300x800000000000000025503Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000025502Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x005da719)
13241300x800000000000000025501Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d798c0-0xd69b00dd)
13241300x800000000000000025500Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d798c9-0x385f68dd)
13241300x800000000000000025499Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:03.279{D371C250-A1CC-6124-0B00-00000000F101}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d798d1-0x9a23d0dd)
23542300x800000000000000045368Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:04.795{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A29CBDF7965C19C321482E9F221B1F58,SHA256=0B52545347B9CB301A28FE05DB35589048386EFD933BF9E14A2F7C54576B6AA4,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025511Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:02.793{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50925-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025510Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:04.420{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C030CD6803DA0BC8238EE7268928227,SHA256=1639FE86497C0E374EB8DA22DE5649B072C629DFAA59118C5A150FBC950BD744,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025512Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:05.654{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E3B62F35CEB49DC77CCEAB6FBD0D7B8,SHA256=985D4A92C35D6EAD5E7C8710992BD7EB4EA6F85B713EB677DC60ADCE7F64E70C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045371Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:05.847{80A11F3A-9FFB-6124-0B00-00000000F001}6323560C:\Windows\system32\lsass.exe{80A11F3A-9FF8-6124-0100-00000000F001}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
23542300x800000000000000045370Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:05.810{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DF2D061BF615C34B8A24162061FDEDB,SHA256=551E2836DD7595EA1E97C77D0FD03382DFEC6E80A3B6BC46CDE77CD0F20668BB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045369Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:01.038{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52205-false10.0.1.12-8000-
23542300x800000000000000025513Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:06.716{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57067BC13AB340D9A8EFF33C40F968BB,SHA256=B98449CC0193913C1B48C5C9395CB621C7540C87CB06AFC77870D88DBB539B48,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045374Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:06.862{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4875953713CD69BB8326A93741BED5C,SHA256=B2314144721D04DE70FF6157B94DADDCDF6EF85080D59D1B0D176A8FE51BE095,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045373Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:06.862{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C82AB87BEE153B176860E32796E221CA,SHA256=B707E4B33F2A8C501A4704FC2E572F3327B1B9FBDEB667CAC077BA0EC404B8C5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045372Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:06.827{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F1938D38A0138986B4D67904CA7AC32,SHA256=68207B7890B91950E52B1F350A9E7F21F07349AE60E337DE6F2B6EEE4CB203F3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025527Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9C7-6124-8506-00000000F101}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025526Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025525Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025524Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025523Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025522Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025521Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025520Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025519Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025518Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025517Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A1CC-6124-0500-00000000F101}408424C:\Windows\system32\csrss.exe{D371C250-B9C7-6124-8506-00000000F101}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025516Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.826{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9C7-6124-8506-00000000F101}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025515Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.827{D371C250-B9C7-6124-8506-00000000F101}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025514Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:07.732{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8D95CF5B4CF5EBF4CBA14AAE2A5840B,SHA256=932A6C8CBA9D1BCEB11B36ABA0AE798E3B71EE50AA205C63716FEE5326FDBC16,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045379Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:07.846{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36D1384B0915E257529C54DDC1643C9,SHA256=0FD1A5FC0A7DB6DB9025FBEDA8ECF0B2EC855DC2C1528B985731C0BB397CB960,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045378Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:07.608{80A11F3A-9FFD-6124-1600-00000000F001}12962252C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045377Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:07.608{80A11F3A-9FFD-6124-1600-00000000F001}12962252C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000045376Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:03.758{80A11F3A-9FF8-6124-0100-00000000F001}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52206-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local445microsoft-ds
354300x800000000000000045375Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:03.758{80A11F3A-9FF8-6124-0100-00000000F001}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52206-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local445microsoft-ds
23542300x800000000000000045383Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:08.861{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=954FF6E6038D771126F9ADFD524886B5,SHA256=7F32BDD963D0BB182FA1D0E3AFB8D034E4A834DD1EE5F68998D2F5C000D89EAD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025540Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9C8-6124-8606-00000000F101}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025539Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025538Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025537Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025536Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025535Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025534Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025533Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025532Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025531Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025530Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A1CC-6124-0500-00000000F101}4081048C:\Windows\system32\csrss.exe{D371C250-B9C8-6124-8606-00000000F101}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025529Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.420{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9C8-6124-8606-00000000F101}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025528Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.421{D371C250-B9C8-6124-8606-00000000F101}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045382Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:08.563{80A11F3A-A00D-6124-2B00-00000000F001}3048NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-033a41ad2adc4bfd6\channels\health\respondent-20210824073023-106MD5=89885AE3740098080BF921C3557A0F2E,SHA256=52D69EE216311DAE394F361B1D857B742DE70422D40659B0C19407492A89204B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045381Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:08.408{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=0459BB8BF1CA6F0C0FDBB476CEE70395,SHA256=A27937B49037D2F1F4ACB01D3D94AC61962DCDF46EFE54944C7CAD80EEDE4FE8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045380Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:08.308{80A11F3A-9FFD-6124-1100-00000000F001}484NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E8FE732A60D7FFC857B2C5297D80FEFA,SHA256=7BDA6B6C2D44772ECFB80B19AC739A73A7BA525AED2BFACE69B52457DBCF1453,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045385Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:09.878{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5847D4700D2E2FEA8C3C2B9D739C3517,SHA256=C14F83CC0B05EF0D981D19AF7C5FFBBBCFEDC349655DF2369ED4CD6519B4F9D2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025557Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.295{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2025FECD311D844EF2BA5FAB5F0B1A25,SHA256=B65684FE61445B02412F2D8DBD5AE731FDC9379B6F864BED42723F0BB30A5053,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025556Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.295{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D7545D67E0D6B74E77EFF36060F6FB3,SHA256=348B964A90D07297BEBE4AC8DD5CB1659D4F27CA4FE02992C7512D411EB3B2F8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025555Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.295{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4FB0BBE38AA22A50E8A784ED9E8D1B3A,SHA256=CC7685079A6452428AD129075B162A2DBDEFAD8B60A7A5E1D7177D81ABB530A0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025554Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.248{D371C250-B9C9-6124-8706-00000000F101}12243464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025553Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9C9-6124-8706-00000000F101}1224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025552Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025551Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025550Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025549Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025548Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025547Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025546Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025545Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025544Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025543Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A1CC-6124-0500-00000000F101}4081048C:\Windows\system32\csrss.exe{D371C250-B9C9-6124-8706-00000000F101}1224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025542Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.091{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9C9-6124-8706-00000000F101}1224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025541Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:09.092{D371C250-B9C9-6124-8706-00000000F101}1224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045384Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:09.577{80A11F3A-A00D-6124-2B00-00000000F001}3048NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-033a41ad2adc4bfd6\channels\health\surveyor-20210824073021-107MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045387Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:10.909{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0899DDE9A7F414D92E40942C1371B0AF,SHA256=3621D91A0CAD38423B772B28DA7F09181B9FE1C6510BC536CB9BD2A33635341B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025573Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D99A1A2648EDD12925C95366E5DFCA9D,SHA256=619923AC0E5D339BE8089D1F272BD9D6E1577275546C0048CEA45A328AECAED5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025572Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.190{D371C250-B9CA-6124-8806-00000000F101}32643600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025571Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.112{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2025FECD311D844EF2BA5FAB5F0B1A25,SHA256=B65684FE61445B02412F2D8DBD5AE731FDC9379B6F864BED42723F0BB30A5053,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045386Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:06.055{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52207-false10.0.1.12-8000-
10341000x800000000000000025570Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9CA-6124-8806-00000000F101}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025569Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025568Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025567Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025566Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025565Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025564Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025563Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025562Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025561Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025560Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A1CC-6124-0500-00000000F101}408524C:\Windows\system32\csrss.exe{D371C250-B9CA-6124-8806-00000000F101}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025559Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.018{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9CA-6124-8806-00000000F101}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025558Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:10.019{D371C250-B9CA-6124-8806-00000000F101}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045389Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:11.930{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F18AC44EABC3AC95DD2E846CC11BA5D7,SHA256=45F29792A3BE8CA6169EE5247B31695689CC408AD6507889C9E0EC7A71ECB5CE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025602Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9CB-6124-8A06-00000000F101}2564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025601Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025600Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025599Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025598Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025597Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025596Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025595Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025594Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025593Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025592Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A1CC-6124-0500-00000000F101}408424C:\Windows\system32\csrss.exe{D371C250-B9CB-6124-8A06-00000000F101}2564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025591Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.799{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9CB-6124-8A06-00000000F101}2564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025590Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.800{D371C250-B9CB-6124-8A06-00000000F101}2564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000025589Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.315{D371C250-B9CB-6124-8906-00000000F101}39043176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025588Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.205{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13857D2B6C0FC6CE8C27830CAFDF3596,SHA256=8D0148FE837DE6421E1D9AD47A95658E36C06653CE7B8DC89078BC92C366AB57,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045388Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:11.677{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=B2A1002B406F55B1C13C7CF32D1958E0,SHA256=A8C54F9C4BE49BA191A247C37DC4CC43ECB8E8E586CC70BD6EBBEFCA18EF61A6,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025587Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9CB-6124-8906-00000000F101}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025586Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025585Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025584Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025583Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025582Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025581Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025580Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025579Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025578Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025577Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A1CC-6124-0500-00000000F101}408424C:\Windows\system32\csrss.exe{D371C250-B9CB-6124-8906-00000000F101}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025576Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.127{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9CB-6124-8906-00000000F101}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025575Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:11.128{D371C250-B9CB-6124-8906-00000000F101}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000025574Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:08.715{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50926-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000045390Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:12.945{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=824B7EFFF146EE9089DECD3EBB7148C3,SHA256=9BFB5B609D3D02C787DA484DA2BA6BF5BF90F81E7C9C9B47E42947EB547B589B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025618Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-B9CC-6124-8B06-00000000F101}2692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025617Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025616Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025615Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025614Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025613Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025612Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025611Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025610Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025609Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025608Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A1CC-6124-0500-00000000F101}408524C:\Windows\system32\csrss.exe{D371C250-B9CC-6124-8B06-00000000F101}2692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000025607Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.299{D371C250-A24D-6124-9E00-00000000F101}29963340C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D371C250-B9CC-6124-8B06-00000000F101}2692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000025606Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.301{D371C250-B9CC-6124-8B06-00000000F101}2692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D371C250-A1CC-6124-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025605Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.221{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79885DADF7920BC866D9880912C2FA15,SHA256=06C222D820D1830745DE0630A0FDFA82D3C283711CFAD0590953CA879CC23957,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025604Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.127{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ADE0F4935C36BB0BA0F919BDED0095C8,SHA256=F2C443339A6AE0E74E6270CC4DFB1653FC366B84D02E5E8B4D8CC5CDB3EC0607,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025603Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:12.033{D371C250-B9CB-6124-8A06-00000000F101}2564648C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045391Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:13.976{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34739C0614265B2FE36E7E4B395DA715,SHA256=92A57F866882DD166F90FCE9A475866A73164FD73B2D82A51343DCA760E018E0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025620Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:13.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70A70487DD7417A428E00F007489D241,SHA256=6C2C414178916DAE313189B46E3A8A0F0EEC2446C7530B26A99FB8BA2ACCA21B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025619Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:13.315{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=38216060E3FF7D2B5002133BE07889BC,SHA256=E66A215ADFE86117596FD8ACDD4779D14E94DDB3FA8A65931B298B4BEC43F3C9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025621Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:14.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6CB10F02EA1F08C849BDE6F18B8B70A,SHA256=4C732BB36E9E4094D171F92097DDE15440A029DAB8E77120DD19BE42AFBC6C54,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045394Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:14.644{80A11F3A-A44E-6124-D004-00000000F001}41601456C:\Windows\Explorer.EXE{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045393Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:14.628{80A11F3A-A44E-6124-D004-00000000F001}41605936C:\Windows\Explorer.EXE{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045392Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:14.628{80A11F3A-A44E-6124-D004-00000000F001}41605936C:\Windows\Explorer.EXE{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025622Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:15.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79E1AB647802C6B06F4B593B3D4E048E,SHA256=3B805A608DC7FD7F09EA8DC7718883839DD1BF8D260F433F3EE0C3092F1D953B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045396Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:11.116{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52208-false10.0.1.12-8000-
23542300x800000000000000045395Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.006{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30BE10501DBFE4E8D9B12E57220F6910,SHA256=3DADDDDDFE5B4C99D3FB8265C96B54D6B1341DD2BEEFAFB4292F12CCCDC6CF6D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025624Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:16.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58FD704BFB5CFE5553E2736523A82F65,SHA256=C557C2ADBC7735EF38BDE2AE05EFAC30705E2F4AA6B97A276996D3D755253751,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045397Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:16.007{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D687507A80FF3F78919A257D5CAEC9BF,SHA256=565038994201485E58D5E044D00B04A56E03D0529F5B9EC88556043B8DFD97D7,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025623Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:13.782{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50927-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025625Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:17.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB4FA0B978294DAE8760926BCD5503D6,SHA256=FEE8384D12F245C334F7E7DACCEEDBDCBC32BD06F9250761DDBE288AA52AD4C8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045412Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045411Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045410Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045409Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045408Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045407Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045406Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045405Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045404Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.644{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045403Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.628{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045402Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.628{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045401Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.627{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=67E7779DD3A4EE4D858DE931A4B08A88,SHA256=A4F797011C16650912896A679B87E41ED7460D11195AB33D8F7DBA6F79831017,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045400Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.626{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4875953713CD69BB8326A93741BED5C,SHA256=B2314144721D04DE70FF6157B94DADDCDF6EF85080D59D1B0D176A8FE51BE095,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045399Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.607{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045398Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.044{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89D88B7CA6C606DE243A9D04E4C320C6,SHA256=4CEBA6CC8E974B41BEACC523A795169FDD8FEB39D5E6EDE690AF1F23BDF194A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025626Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:18.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=202E087E7C0776204DF2630ACFA7609F,SHA256=9EC7A8EAA249E6DB9E7DE387231A174CE4B3EBAD09189CB34E6BEAC4F26D18D5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045423Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.959{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+a302c9|C:\Program Files\Mozilla Firefox\xul.dll+a301ea|C:\Program Files\Mozilla Firefox\xul.dll+a2fdd9|C:\Program Files\Mozilla Firefox\xul.dll+a2c15f|C:\Program Files\Mozilla Firefox\xul.dll+a2c46c|C:\Program Files\Mozilla Firefox\xul.dll+b7963a|C:\Program Files\Mozilla Firefox\xul.dll+2f2b99|C:\Program Files\Mozilla Firefox\xul.dll+2f2aa4|C:\Program Files\Mozilla Firefox\xul.dll+2f288d|C:\Program Files\Mozilla Firefox\xul.dll+2f2724|C:\Program Files\Mozilla Firefox\xul.dll+bcac13|C:\Program Files\Mozilla Firefox\xul.dll+bcb8e1|C:\Program Files\Mozilla Firefox\xul.dll+bca90d|C:\Program Files\Mozilla Firefox\xul.dll+bca862|C:\Program Files\Mozilla Firefox\xul.dll+b9a490|C:\Program Files\Mozilla Firefox\xul.dll+1a5bafb|C:\Program Files\Mozilla Firefox\xul.dll+ba02ee|C:\Program Files\Mozilla Firefox\xul.dll+ff213d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaaf|C:\Program Files\Mozilla Firefox\xul.dll+2d4d1d
10341000x800000000000000045422Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.675{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045421Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.675{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045420Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.675{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045419Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.675{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045418Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.675{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BF-6124-9706-00000000F001}5788C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e79899|C:\Program Files\Mozilla Firefox\xul.dll+e7ad5f|C:\Program Files\Mozilla Firefox\xul.dll+1195606|C:\Program Files\Mozilla Firefox\xul.dll+e766dd|C:\Program Files\Mozilla Firefox\xul.dll+e5e5f0|C:\Program Files\Mozilla Firefox\xul.dll+1ef0312|C:\Program Files\Mozilla Firefox\xul.dll+1a31108|C:\Program Files\Mozilla Firefox\xul.dll+1a3327f|C:\Program Files\Mozilla Firefox\xul.dll+17a86d7|C:\Program Files\Mozilla Firefox\xul.dll+1bdac45|C:\Program Files\Mozilla Firefox\xul.dll+16e9761|C:\Program Files\Mozilla Firefox\xul.dll+1b7ebc9|C:\Program Files\Mozilla Firefox\xul.dll+17a5738|C:\Program Files\Mozilla Firefox\xul.dll+1756d76|UNKNOWN(00000320DE9D1E84)
354300x800000000000000045417Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.520{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local55060-
354300x800000000000000045416Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.517{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58415-
354300x800000000000000045415Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.187{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58242-
354300x800000000000000045414Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.185{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local61048-
23542300x800000000000000045413Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.075{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DE53F349DECFFD3CF9E1A5C7F796167,SHA256=F109B284E462B52A36ADC50148ADBAD889B2861DE49AD0F9055D6346BE954C79,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025627Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:19.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9290F260F73B67F4E8DAB3AE4E7A9CD1,SHA256=1FEB0F11DD417377903E76E7C812585E1CC9786901D8BF2CE90946EC58D10336,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045430Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.609{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52209-false3.215.161.145ec2-3-215-161-145.compute-1.amazonaws.com443https
10341000x800000000000000045429Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.374{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045428Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.374{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
22542200x800000000000000045427Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.523{80A11F3A-A5BA-6124-9206-00000000F001}5540analytics-collector-28944298.us-east-1.elb.amazonaws.com0100.26.82.72;44.195.138.131;3.224.104.154;3.215.161.145;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045426Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.522{80A11F3A-A5BA-6124-9206-00000000F001}5540collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;3.215.161.145;100.26.82.72;44.195.138.131;3.224.104.154;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045425Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:15.522{80A11F3A-A5BA-6124-9206-00000000F001}5540collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;::ffff:3.215.161.145;::ffff:100.26.82.72;::ffff:44.195.138.131;::ffff:3.224.104.154;C:\Program Files\Mozilla Firefox\firefox.exe
23542300x800000000000000045424Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.105{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92A5B0406C2CED3C368D4F9393CE5543,SHA256=CC3539B654109E4E3D0CB067E388E8F0F60D41F748BC1136EBFD838EC051D550,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025628Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:20.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EEF0B5EFA14C9C8BBC4AA899BBF464C,SHA256=5B839DFD0C0F984E03D310F540A18BA76CCF7466AE371862A4BBFD1583200A57,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045443Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.738{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045442Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.681{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BF-6124-9706-00000000F001}5788C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e79757|C:\Program Files\Mozilla Firefox\xul.dll+8dea37|C:\Program Files\Mozilla Firefox\xul.dll+8d2f14|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045441Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.674{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+ba5521|C:\Program Files\Mozilla Firefox\xul.dll+b81e63|C:\Program Files\Mozilla Firefox\xul.dll+b82017|C:\Program Files\Mozilla Firefox\xul.dll+ba543f|C:\Program Files\Mozilla Firefox\xul.dll+c17c75|C:\Program Files\Mozilla Firefox\xul.dll+3c6f81|C:\Program Files\Mozilla Firefox\xul.dll+3c6b04|C:\Program Files\Mozilla Firefox\xul.dll+3c69a8|C:\Program Files\Mozilla Firefox\xul.dll+27aead8|C:\Program Files\Mozilla Firefox\xul.dll+279fe1c|C:\Program Files\Mozilla Firefox\xul.dll+c271f1|C:\Program Files\Mozilla Firefox\xul.dll+2796eed|C:\Program Files\Mozilla Firefox\xul.dll+c2e536|C:\Program Files\Mozilla Firefox\xul.dll+c276bb|C:\Program Files\Mozilla Firefox\xul.dll+3b8a98|C:\Program Files\Mozilla Firefox\xul.dll+c292d8|C:\Program Files\Mozilla Firefox\xul.dll+279815e|C:\Program Files\Mozilla Firefox\xul.dll+2797ef4|C:\Program Files\Mozilla Firefox\xul.dll+c2f792|C:\Program Files\Mozilla Firefox\xul.dll+c29539
10341000x800000000000000045440Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.669{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+ba5521|C:\Program Files\Mozilla Firefox\xul.dll+b81e63|C:\Program Files\Mozilla Firefox\xul.dll+b82017|C:\Program Files\Mozilla Firefox\xul.dll+ba543f|C:\Program Files\Mozilla Firefox\xul.dll+c17c75|C:\Program Files\Mozilla Firefox\xul.dll+3c6f81|C:\Program Files\Mozilla Firefox\xul.dll+3c6b04|C:\Program Files\Mozilla Firefox\xul.dll+3c69a8|C:\Program Files\Mozilla Firefox\xul.dll+27aead8|C:\Program Files\Mozilla Firefox\xul.dll+279fe1c|C:\Program Files\Mozilla Firefox\xul.dll+c271f1|C:\Program Files\Mozilla Firefox\xul.dll+2796eed|C:\Program Files\Mozilla Firefox\xul.dll+c2e536|C:\Program Files\Mozilla Firefox\xul.dll+c276bb|C:\Program Files\Mozilla Firefox\xul.dll+3b8a98|C:\Program Files\Mozilla Firefox\xul.dll+c292d8|C:\Program Files\Mozilla Firefox\xul.dll+279815e|C:\Program Files\Mozilla Firefox\xul.dll+2797ef4|C:\Program Files\Mozilla Firefox\xul.dll+c2f792|C:\Program Files\Mozilla Firefox\xul.dll+c29539
10341000x800000000000000045439Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.665{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045438Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.657{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\03bm82ms.default-release\cache2\doomed\18200MD5=0C58E9CFD1C20412019928463563193C,SHA256=F2F26AC5848DF1C00C361EC9958FF169A2F29C142755285AC9C5B81CB3CCA116,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045437Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.657{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045436Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.657{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045435Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.645{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045434Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.641{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045433Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.641{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045432Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.641{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045431Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.126{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E11734243F9B8629B69F8F7CE849C877,SHA256=0856AFD2B264436F2EC0EC1A59476E622A203AD84FA22FE75A32F203A7DB799F,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025630Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:19.688{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50928-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025629Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:21.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=857D1D55313DA4D92CC3C3FA25989F4D,SHA256=80473A661089A18750EDFB7346A5F976DBFAEA36C9C2F4F177FA1C2A91A5AC1B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045458Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.859{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-391.attackrange.local51695-false172.217.23.110mil04s23-in-f14.1e100.net443https
354300x800000000000000045457Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.858{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local51747-
13241300x800000000000000045456Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-SetValue2021-08-24 09:20:21.974{80A11F3A-9FFD-6124-1000-00000000F001}440C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d798c9-0x438af1f0)
354300x800000000000000045455Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.522{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-391.attackrange.local53069-false142.250.185.195fra16s52-in-f3.1e100.net443https
354300x800000000000000045454Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.521{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53218-
354300x800000000000000045453Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.520{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58587-
354300x800000000000000045452Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.518{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53068-
354300x800000000000000045451Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.422{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local61503-
354300x800000000000000045450Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.421{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local63066-
354300x800000000000000045449Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.421{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local54020-
354300x800000000000000045448Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.283{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local55178-
354300x800000000000000045447Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:17.114{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52210-false10.0.1.12-8000-
10341000x800000000000000045446Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:21.141{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+ba5521|C:\Program Files\Mozilla Firefox\xul.dll+b81e63|C:\Program Files\Mozilla Firefox\xul.dll+b82017|C:\Program Files\Mozilla Firefox\xul.dll+ba543f|C:\Program Files\Mozilla Firefox\xul.dll+c17c75|C:\Program Files\Mozilla Firefox\xul.dll+3c6f81|C:\Program Files\Mozilla Firefox\xul.dll+3c6b04|C:\Program Files\Mozilla Firefox\xul.dll+3c69a8|C:\Program Files\Mozilla Firefox\xul.dll+27aead8|C:\Program Files\Mozilla Firefox\xul.dll+279fe1c|C:\Program Files\Mozilla Firefox\xul.dll+c271f1|C:\Program Files\Mozilla Firefox\xul.dll+2796eed|C:\Program Files\Mozilla Firefox\xul.dll+c2e536|C:\Program Files\Mozilla Firefox\xul.dll+c276bb|C:\Program Files\Mozilla Firefox\xul.dll+3b8a98|C:\Program Files\Mozilla Firefox\xul.dll+c292d8|C:\Program Files\Mozilla Firefox\xul.dll+279815e|C:\Program Files\Mozilla Firefox\xul.dll+2797ef4|C:\Program Files\Mozilla Firefox\xul.dll+c2f792|C:\Program Files\Mozilla Firefox\xul.dll+c29539
23542300x800000000000000045445Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:21.140{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5682676EB52EC65DE8BD29B3DE3E160D,SHA256=27BCC557FD042C70EA243DD17F8103CB168D171A5122808C111FF1C66324A072,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045444Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:21.113{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+ba5521|C:\Program Files\Mozilla Firefox\xul.dll+b81e63|C:\Program Files\Mozilla Firefox\xul.dll+b849b8|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695212|C:\Program Files\Mozilla Firefox\xul.dll+1a0cb1c|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025631Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:22.424{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F77F8AC3722A39C9387581422ED6CDD8,SHA256=276EE8815953AD279DE75D29A4CE1348EF869A49D9A1407C11AEF21A9C1CE670,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045468Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.094{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-391.attackrange.local55189-false142.250.185.66fra16s48-in-f2.1e100.net443https
354300x800000000000000045467Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.068{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local55188-
354300x800000000000000045466Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.066{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53207-
22542200x800000000000000045465Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.861{80A11F3A-A5BA-6124-9206-00000000F001}5540plus.l.google.com0172.217.23.110;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045464Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.860{80A11F3A-A5BA-6124-9206-00000000F001}5540apis.google.com0type: 5 plus.l.google.com;::ffff:172.217.23.110;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045463Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.528{80A11F3A-A5BA-6124-9206-00000000F001}5540gstaticadssl.l.google.com02a00:1450:4001:810::2003;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045462Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.524{80A11F3A-A5BA-6124-9206-00000000F001}5540gstaticadssl.l.google.com0142.250.185.195;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045461Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.426{80A11F3A-A5BA-6124-9206-00000000F001}5540www.google.com0142.250.185.68;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045460Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:18.425{80A11F3A-A5BA-6124-9206-00000000F001}5540www.google.com0::ffff:142.250.185.68;C:\Program Files\Mozilla Firefox\firefox.exe
23542300x800000000000000045459Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:22.203{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4690574327DC13CB1B67F5E34E833AF9,SHA256=DF03C1DA7F3DEE4209D9ED6295E6B1F3F875629DD7C2AD86BB9ACE22422CBA95,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025632Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:23.658{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8911DA9D1A786FBE04A6F0D059EA7FCA,SHA256=24D2A67DD90CBFD41D1707CC9962ED32C07EEA003D2B01B1216F320BA4436A8B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045471Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:19.403{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58590-
23542300x800000000000000045470Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:23.687{80A11F3A-B9C0-6124-1809-00000000F001}1796ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheMD5=4C19C1D4D846E61515B6EBD2BFE0C394,SHA256=7A2966126E883B7AEFAF001DB669F84DDB9D18F9ADBCF4F495C6C691F7A4E4EF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045469Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:23.337{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=037F8F2CED1220D0E05E36C2403A7581,SHA256=A7F4A103EE18F6CC1C00610EE7892B1FCBDF193C52080BD5146394317B9C00CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025634Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:24.894{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=779A2721BD007A6AE8F648BB910DF7AA,SHA256=E4CAF9BB719C9470779E50CC0D54323737EFC1D273F8D548B2C449A7894B3FF8,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045473Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:20.469{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53530-
23542300x800000000000000045472Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:24.349{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B95C56D84CD4FED19777AD76944D67EA,SHA256=F0825C7C4779E05389BA37B0ABCBF8BF94BB48F8ABCB2A93A2E263FBC7A09ADA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025633Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:24.740{D371C250-A1CE-6124-1F00-00000000F101}1960NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0f4afa6fd0baf0d0a\channels\health\respondent-20210824073752-099MD5=3E68AA70F59B51FF348AEA647175EFEC,SHA256=C5AE0E32D021886757477DF5F39D9238799BB6BCB0D4F830DB1584DCBCA64EED,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025635Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:25.754{D371C250-A1CE-6124-1F00-00000000F101}1960NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0f4afa6fd0baf0d0a\channels\health\surveyor-20210824073750-100MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045482Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.912{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9D9-6124-1909-00000000F001}5500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045481Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.910{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045480Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.910{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045479Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.910{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045478Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.909{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045477Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.909{80A11F3A-9FFA-6124-0500-00000000F001}4162924C:\Windows\system32\csrss.exe{80A11F3A-B9D9-6124-1909-00000000F001}5500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045476Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.909{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9D9-6124-1909-00000000F001}5500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045475Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.908{80A11F3A-B9D9-6124-1909-00000000F001}5500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045474Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.359{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=065162961F11269404967325D0744F86,SHA256=B26CDD362960617F511613D1ED3C6FD2DAE88A79F24ED61C4DEA7829589752E0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025637Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:24.690{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50929-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025636Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:26.127{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93C9629504CA2E1609BE63B0FC9F1F09,SHA256=E759D5A71A717C14AEA05BA3CC55F3328D801A3956FF842C5AD6712711ECCD35,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045502Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.951{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9DA-6124-1B09-00000000F001}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045501Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.949{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045500Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.949{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045499Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.949{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045498Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.949{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045497Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.948{80A11F3A-9FFA-6124-0500-00000000F001}4162924C:\Windows\system32\csrss.exe{80A11F3A-B9DA-6124-1B09-00000000F001}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045496Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.948{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9DA-6124-1B09-00000000F001}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045495Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.948{80A11F3A-B9DA-6124-1B09-00000000F001}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045494Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.915{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7DFE7C69CA0EEC7D0042D6186E00A5D1,SHA256=23668A552A98D7740A36098F3550CD4DE64F54AA795CC0792281EE469A1C6F86,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045493Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.914{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=67E7779DD3A4EE4D858DE931A4B08A88,SHA256=A4F797011C16650912896A679B87E41ED7460D11195AB33D8F7DBA6F79831017,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045492Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:22.924{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52211-false10.0.1.12-8000-
10341000x800000000000000045491Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.431{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9DA-6124-1A09-00000000F001}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045490Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.428{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045489Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.428{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045488Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.427{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045487Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.427{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045486Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.427{80A11F3A-9FFA-6124-0500-00000000F001}416432C:\Windows\system32\csrss.exe{80A11F3A-B9DA-6124-1A09-00000000F001}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045485Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.427{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9DA-6124-1A09-00000000F001}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045484Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.426{80A11F3A-B9DA-6124-1A09-00000000F001}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045483Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.364{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39EB077B9A8863A6246AF36F1592AB7,SHA256=44FF97A1D6310E23053B0D3ECCC26378416F6337878989020DD76BCFAFFFAFC3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025638Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:27.348{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A4C9B9BF38828071DEBBD2A9DE2470F,SHA256=42D64BB84969EA1D676B01AAAED8B1F5061C49195BBF96110DE0DBCD3DA50610,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045506Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.981{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7DFE7C69CA0EEC7D0042D6186E00A5D1,SHA256=23668A552A98D7740A36098F3550CD4DE64F54AA795CC0792281EE469A1C6F86,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045505Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.504{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\permissions.sqlite-journalMD5=6F4FA778793DBEB159C4CD468C4F78FF,SHA256=B347E506F2EACB9895B15D51D5A9C75DFE77B3D864E28A874E9D8EACA2A1CB86,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045504Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.380{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=308030657F7D7FD919D4C9623EBD0D43,SHA256=468C25823E6C611E61C7C98EF2FA39DE3BAC7B52A1D8F380D540E0339B8B2DC3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045503Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.164{80A11F3A-B9DA-6124-1B09-00000000F001}61927132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025639Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:28.410{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B26B5919F193ECD1057BF82715FAD36,SHA256=A7FDA746A3BF567C6B7F18E72A7EB192A0437F4A65DD76589323B9D18990D41E,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045540Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.893{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52215-false192.0.76.3-443https
354300x800000000000000045539Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.893{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52214-false192.0.73.2-443https
354300x800000000000000045538Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.887{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58934-
354300x800000000000000045537Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.887{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local51722-
354300x800000000000000045536Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.886{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local62399-
354300x800000000000000045535Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.876{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local62336-
354300x800000000000000045534Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.873{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52213-false142.250.184.234fra24s12-in-f10.1e100.net443https
354300x800000000000000045533Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.867{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local55911-
10341000x800000000000000045532Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.844{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9DC-6124-1D09-00000000F001}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045531Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.843{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045530Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.843{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045529Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.843{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045528Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.842{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045527Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.840{80A11F3A-9FFA-6124-0500-00000000F001}416432C:\Windows\system32\csrss.exe{80A11F3A-B9DC-6124-1D09-00000000F001}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045526Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.840{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9DC-6124-1D09-00000000F001}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045525Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.840{80A11F3A-B9DC-6124-1D09-00000000F001}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000045524Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.560{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52212-false104.145.225.3pandora.digitaldatacenter.net443https
10341000x800000000000000045523Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.570{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+ba5521|C:\Program Files\Mozilla Firefox\xul.dll+b81e63|C:\Program Files\Mozilla Firefox\xul.dll+b849b8|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695212|C:\Program Files\Mozilla Firefox\xul.dll+1a0cb1c|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045522Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.423{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045521Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.422{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045520Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.422{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045519Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.398{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5D84AD1D5AADD7F98EC5117075BE8F2,SHA256=3C8989C33D4334A8D6F4E80FEA0D94CC511D49A15035519949CFC3084E01D190,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045518Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.392{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045517Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.377{80A11F3A-B9DC-6124-1C09-00000000F001}50487080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045516Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.282{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045515Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.281{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045514Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.175{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9DC-6124-1C09-00000000F001}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045513Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.173{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045512Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.172{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045511Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.172{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045510Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.172{80A11F3A-9FFA-6124-0500-00000000F001}416432C:\Windows\system32\csrss.exe{80A11F3A-B9DC-6124-1C09-00000000F001}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045509Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.172{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045508Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.172{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9DC-6124-1C09-00000000F001}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045507Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.171{80A11F3A-B9DC-6124-1C09-00000000F001}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000025640Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:29.441{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=442C271363A9B287CA43F6381A89C9AE,SHA256=9765A77654D789E8EFAEF95299F0C8B186F1EEFB469D3FC5F03B1E414F3A91A0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045589Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.726{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52222-false93.184.220.70-443https
354300x800000000000000045588Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.725{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local56450-
354300x800000000000000045587Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.722{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local60321-
354300x800000000000000045586Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.646{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52221-false192.229.233.25-443https
354300x800000000000000045585Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.567{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local61058-
354300x800000000000000045584Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.473{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52220-false104.244.42.200-443https
354300x800000000000000045583Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.462{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local61008-
354300x800000000000000045582Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.316{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52219-false192.229.233.25-443https
354300x800000000000000045581Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.312{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52218-false192.0.76.3-443https
354300x800000000000000045580Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.311{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local59883-
354300x800000000000000045579Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.311{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local55561-
354300x800000000000000045578Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.311{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local63617-
354300x800000000000000045577Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.309{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local61749-
10341000x800000000000000045576Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.679{80A11F3A-B9DD-6124-1E09-00000000F001}32005944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045575Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.582{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58E958FBE4AA273E8842245622120CA7,SHA256=DA0A2CA50E69738BF8361FC1ABC412A1266D5436F847AD4978E24D9CD0748898,IMPHASH=00000000000000000000000000000000falsetrue
22542200x800000000000000045574Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.314{80A11F3A-A5BA-6124-9206-00000000F001}5540cs491.wac.edgecastcdn.net0192.229.233.25;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045573Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.314{80A11F3A-A5BA-6124-9206-00000000F001}5540platform.twitter.com0type: 5 cs472.wac.edgecastcdn.net;type: 5 cs1-apr-8315.wac.edgecastcdn.net;type: 5 wac.apr-8315.edgecastdns.net;type: 5 cs1-lb-eu.8315.ecdns.net;type: 5 cs491.wac.edgecastcdn.net;::ffff:192.229.233.25;C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000045572Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.513{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9DD-6124-1E09-00000000F001}3200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045571Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.511{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045570Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.511{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045569Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.511{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045568Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.511{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045567Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.511{80A11F3A-9FFA-6124-0500-00000000F001}416532C:\Windows\system32\csrss.exe{80A11F3A-B9DD-6124-1E09-00000000F001}3200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045566Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.510{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9DD-6124-1E09-00000000F001}3200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045565Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.510{80A11F3A-B9DD-6124-1E09-00000000F001}3200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000045564Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.308{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local52497-
354300x800000000000000045563Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.179{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52217-false142.250.185.195fra16s52-in-f3.1e100.net443https
354300x800000000000000045562Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.178{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52216-false142.250.185.195fra16s52-in-f3.1e100.net443https
10341000x800000000000000045561Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.370{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045560Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.369{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045559Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.249{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\permissions.sqlite-journalMD5=D276B07DB276625660072749DEFD2AC4,SHA256=A7A128768982AE24C3F68F02F119652F8E845CF6DA5E8EC62329FA6CC2114345,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045558Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:25.908{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-391.attackrange.local58935-false142.250.184.234fra24s12-in-f10.1e100.net443https
10341000x800000000000000045557Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.242{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045556Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.241{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045555Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.241{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045554Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.180{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045553Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.179{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045552Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.179{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045551Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.179{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045550Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.179{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045549Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.178{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045548Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.178{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045547Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.178{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045546Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.178{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045545Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.177{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045544Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.177{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045543Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.177{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045542Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.176{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F50495ECF4C0B813268B2661AAFF421C,SHA256=D86634FDDE78B1AF3BA3CAB71D501111DD253A2C2497DA38CF6BD8B0A0F8EE36,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045541Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:29.065{80A11F3A-B9DC-6124-1D09-00000000F001}42806184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000025641Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:30.455{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=035FA0E64EC77D46AEE5C04FCF37A915,SHA256=5861470E8C02BD84A8681B96EE911EA929EA1CBC5B69EE08628616F27528B797,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045616Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.585{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local60072-
354300x800000000000000045615Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.584{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58753-
354300x800000000000000045614Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.997{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52226-false152.199.21.140-443https
354300x800000000000000045613Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.997{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52227-false152.199.21.140-443https
23542300x800000000000000045612Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.603{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5263218C099DB4C818387753F075D1F8,SHA256=C2EAEF762B0EFEBC6B842056BFD6AFE53C04FBCCA75A01408711DA0F308709B5,IMPHASH=00000000000000000000000000000000falsetrue
22542200x800000000000000045611Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.730{80A11F3A-A5BA-6124-9206-00000000F001}5540cs45.wac.edgecastcdn.net02606:2800:134:1a0d:1429:742:782:b6;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045610Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.728{80A11F3A-A5BA-6124-9206-00000000F001}5540cs45.wac.edgecastcdn.net093.184.220.70;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045609Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.316{80A11F3A-A5BA-6124-9206-00000000F001}5540cs491.wac.edgecastcdn.net02606:2800:234:46c:e8b:1e2f:2bd:694;C:\Program Files\Mozilla Firefox\firefox.exe
23542300x800000000000000045608Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.517{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27B557D20709A81E9C9EC20A4F458534,SHA256=208EE5EC7C24EFB5CAF7A83B05F01DCFB77BB21A1546638CC3C025A1C42BDB34,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045607Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.421{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045606Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.421{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000045605Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.996{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local60027-
354300x800000000000000045604Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.994{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local52785-
354300x800000000000000045603Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.945{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52225-false93.184.220.70-443https
354300x800000000000000045602Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.944{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52224-false152.199.21.141-443https
354300x800000000000000045601Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.944{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52223-false152.199.21.141-443https
354300x800000000000000045600Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.939{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local62315-
354300x800000000000000045599Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.938{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58418-
354300x800000000000000045598Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:26.937{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local62732-
10341000x800000000000000045597Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.178{80A11F3A-A080-6124-A800-00000000F001}32362200C:\Windows\system32\conhost.exe{80A11F3A-B9DE-6124-1F09-00000000F001}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045596Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.176{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045595Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.176{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045594Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.175{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045593Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.175{80A11F3A-9FFC-6124-0C00-00000000F001}8526956C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045592Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.175{80A11F3A-9FFA-6124-0500-00000000F001}416432C:\Windows\system32\csrss.exe{80A11F3A-B9DE-6124-1F09-00000000F001}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045591Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.175{80A11F3A-A080-6124-A400-00000000F001}3688640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{80A11F3A-B9DE-6124-1F09-00000000F001}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045590Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:30.174{80A11F3A-B9DE-6124-1F09-00000000F001}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{80A11F3A-9FFB-6124-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000025643Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:29.844{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50930-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025642Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:31.470{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E66A049B0D09214EE3BB406542B7280,SHA256=87A5EB419C8901570F568B0EDD8E2AA8D1B1FC9A25E2CC247E5C7CAC9B9C3973,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045620Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:28.119{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52228-false10.0.1.12-8000-
354300x800000000000000045619Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.610{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-391.attackrange.local53domainfalse127.0.0.1win-dc-391.attackrange.local58753-
354300x800000000000000045618Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:27.610{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1win-dc-391.attackrange.local53domainfalse127.0.0.1win-dc-391.attackrange.local60072-
23542300x800000000000000045617Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:31.579{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D33949E6E7D65A9212841EB551813C8,SHA256=548CA2C60755F17EBD32D531CF466DDFAA25381190AB5D92784E781FF8CEE974,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025645Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:32.689{D371C250-A24D-6124-9E00-00000000F101}2996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2B640B14B078BDE477642A1B0343AB94,SHA256=3B2B580B4DB9BC146C26A020DCDFF562BBB4C06910A12B38AD6DA5D62A770671,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025644Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:32.470{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=856AF57287725E68EC95F90C7A712BB6,SHA256=2129E5DBA8F47D9DCBEE9B69C3994F56418DC5E28AF8AC9EDD9F13F00A411C62,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045621Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:32.583{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B47E75ED5C8BB40A9ECA0661BD15FDB,SHA256=C88797BFBE3EA5AB1786171BBC07DF4F7E3C5A1B663E96B3861722AF04716512,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025646Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:33.689{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E6D6798584AB6A8FA7F28CF02601E87,SHA256=6DA8067A3E6632CB8EED961D5439E5434DD460E74CE84D105BC0D792EFAE28E6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045622Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:33.586{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AEF6DC225FCEA7944A8D308DDD84B3DD,SHA256=EF49B3B640741179C2383B72693541BBF033E8CAA271B0AD2FEDDC9A2EFB0E70,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025648Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:34.704{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07762C4C04FCDAE2E16E96922FE8A552,SHA256=0A506D6838154CB3CD7942438E3D28447CC778F9D4FA9BBB980E8ECA37A4A2E3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045623Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:34.598{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C660E7278BDF833309E16CC0143E928,SHA256=74B7DC095FFCC2B0FB1CDFECA0260EC206B8DDA800A6666AD8B9A0D164EB95DE,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025647Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:32.282{D371C250-A24D-6124-9E00-00000000F101}2996C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50931-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x800000000000000025649Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:35.830{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52D70F5B8D7B327863E5E9CFA4DD766E,SHA256=8533D576D7F03B524D1ADECD2358CF131612B42F69D28835382FA98C1B802ADD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045624Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.602{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7795E51D40421750903A2EB41ADD781,SHA256=AA345CF3A8351A53B30E4FB30BF2AE5D178A3C9D173FCF565E9EDA94CA7A9A02,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025650Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:36.986{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65F36CB9D4E2EB16E05162E76DF7447E,SHA256=DC53A8582550BAA8889BB627A1EB754602E717AD1BE8F2567381BEF455EAEF81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045625Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:36.608{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=514182324B7EFF8ED0B3CBA07F683929,SHA256=1A217EC830CF653FCF84C40942B6E3E8B6B192CC3376191BC5D8779F7B54F244,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025651Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:35.703{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50932-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000045630Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:37.985{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+a302c9|C:\Program Files\Mozilla Firefox\xul.dll+a301ea|C:\Program Files\Mozilla Firefox\xul.dll+a2fdd9|C:\Program Files\Mozilla Firefox\xul.dll+a2c15f|C:\Program Files\Mozilla Firefox\xul.dll+a2c46c|C:\Program Files\Mozilla Firefox\xul.dll+b7963a|C:\Program Files\Mozilla Firefox\xul.dll+2f2b99|C:\Program Files\Mozilla Firefox\xul.dll+2f2aa4|C:\Program Files\Mozilla Firefox\xul.dll+2f288d|C:\Program Files\Mozilla Firefox\xul.dll+2f2724|C:\Program Files\Mozilla Firefox\xul.dll+bcac13|C:\Program Files\Mozilla Firefox\xul.dll+bcb8e1|C:\Program Files\Mozilla Firefox\xul.dll+bca90d|C:\Program Files\Mozilla Firefox\xul.dll+bca862|C:\Program Files\Mozilla Firefox\xul.dll+b9a490|C:\Program Files\Mozilla Firefox\xul.dll+1a5bafb|C:\Program Files\Mozilla Firefox\xul.dll+ba02ee|C:\Program Files\Mozilla Firefox\xul.dll+ff213d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaaf|C:\Program Files\Mozilla Firefox\xul.dll+2d4d1d
10341000x800000000000000045629Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:37.710{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045628Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:37.630{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1990343FCA8E391BB5E8BE8E5295A409,SHA256=87CD7C80905B6C852C570022F45368244DA9A7EE4592AC8AE5AB0D236FF078B8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045627Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:37.390{80A11F3A-9FFD-6124-1000-00000000F001}4401684C:\Windows\system32\svchost.exe{80A11F3A-B94B-6124-0709-00000000F001}4252C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045626Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:37.107{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B94B-6124-0709-00000000F001}4252C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e75749|C:\Program Files\Mozilla Firefox\xul.dll+e76123|C:\Program Files\Mozilla Firefox\xul.dll+e65391|C:\Program Files\Mozilla Firefox\xul.dll+e66864|C:\Program Files\Mozilla Firefox\xul.dll+e68d23|C:\Program Files\Mozilla Firefox\xul.dll+c8e024|C:\Program Files\Mozilla Firefox\xul.dll+c8b227|C:\Program Files\Mozilla Firefox\xul.dll+296b50|C:\Program Files\Mozilla Firefox\xul.dll+2966e1|C:\Program Files\Mozilla Firefox\xul.dll+f9c735|C:\Program Files\Mozilla Firefox\xul.dll+17952e4|C:\Program Files\Mozilla Firefox\xul.dll+1793c45|C:\Program Files\Mozilla Firefox\xul.dll+c8d89f|C:\Program Files\Mozilla Firefox\xul.dll+278ee6|C:\Program Files\Mozilla Firefox\xul.dll+39f83e|C:\Program Files\Mozilla Firefox\xul.dll+d216a6|UNKNOWN(00000320DE9D3110)
23542300x800000000000000025652Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:38.126{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69C136DAE9403995F7A2605645C29B28,SHA256=8415AFF151D3C547281FB036F1C7879DF99A9C150A983683B44244A181269FDE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045678Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.669{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E948AD1321D81EBEB691A1583E9CB4CD,SHA256=4F023C2C540F16772509F4FC6D93AA1AA433D3877AA8170B4DE4BD0F13C5C58E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045677Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.668{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3D430673AB684C419A70C2E673FAD8C,SHA256=5F6216DCEC0357481D72F09847FC6AE0FA64B63592CE6DB78E5ED09D4BD5601A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045676Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.648{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A809DD062276DA677773C0CEBB135C,SHA256=3887D8101AFCF056D86008101696B134D4A196978F4DA60A60F877AB5172B1BB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045675Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.248{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBBD31A28A1BDDBA4C6BBA8773205358,SHA256=105A116DC5274706F4D86A5A4F9771841F00494EEF81D3794E4B4B69A93B7439,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045674Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.247{80A11F3A-A5BA-6124-9206-00000000F001}55401504C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+a25601|C:\Program Files\Mozilla Firefox\xul.dll+a86785|C:\Program Files\Mozilla Firefox\xul.dll+cff01|C:\Program Files\Mozilla Firefox\xul.dll+1a0b8a2|C:\Program Files\Mozilla Firefox\xul.dll+176639d|C:\Program Files\Mozilla Firefox\xul.dll+16954dd|C:\Program Files\Mozilla Firefox\xul.dll+26542|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+8d3bc7|C:\Program Files\Mozilla Firefox\nss3.dll+7692d|C:\Program Files\Mozilla Firefox\nss3.dll+8e041|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045673Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.234{80A11F3A-9FFD-6124-1000-00000000F001}4401684C:\Windows\system32\svchost.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045672Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.233{80A11F3A-9FFD-6124-1000-00000000F001}4401684C:\Windows\system32\svchost.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045671Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.221{80A11F3A-9FFB-6124-0B00-00000000F001}6323560C:\Windows\system32\lsass.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045670Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.220{80A11F3A-9FFB-6124-0B00-00000000F001}6323560C:\Windows\system32\lsass.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045669Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.201{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a68e78|C:\Program Files\Mozilla Firefox\xul.dll+a2cd97|C:\Program Files\Mozilla Firefox\xul.dll+a75619|C:\Program Files\Mozilla Firefox\xul.dll+e6e8d8|C:\Program Files\Mozilla Firefox\xul.dll+1a171f4|C:\Program Files\Mozilla Firefox\xul.dll+1a0b8a2|C:\Program Files\Mozilla Firefox\xul.dll+19e35b2|C:\Program Files\Mozilla Firefox\xul.dll+1695212|C:\Program Files\Mozilla Firefox\xul.dll+1a0cb1c|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4
18141800x800000000000000045668Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-ConnectPipe2021-08-24 09:20:38.201{80A11F3A-A5BA-6124-9206-00000000F001}5540\cubeb-pipe-5540-6C:\Program Files\Mozilla Firefox\firefox.exe
17141700x800000000000000045667Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-CreatePipe2021-08-24 09:20:38.201{80A11F3A-A5BA-6124-9206-00000000F001}5540\cubeb-pipe-5540-6C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000045666Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.186{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045665Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.183{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5C6-6124-9906-00000000F001}2484C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e79757|C:\Program Files\Mozilla Firefox\xul.dll+8dea37|C:\Program Files\Mozilla Firefox\xul.dll+8d2f14|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695212|C:\Program Files\Mozilla Firefox\xul.dll+1a0cb1c|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045664Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.183{80A11F3A-9FFD-6124-1600-00000000F001}12961344C:\Windows\system32\svchost.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
18141800x800000000000000045663Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-ConnectPipe2021-08-24 09:20:38.181{80A11F3A-A5BC-6124-9306-00000000F001}1640\chrome.5540.15.123935828C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000045662Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.180{80A11F3A-A5BA-6124-9206-00000000F001}55406976C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+1b9bbc|C:\Program Files\Mozilla Firefox\xul.dll+a2f2a6|C:\Program Files\Mozilla Firefox\xul.dll+a2a051|C:\Program Files\Mozilla Firefox\xul.dll+1a03c46|C:\Program Files\Mozilla Firefox\xul.dll+1a024e1|C:\Program Files\Mozilla Firefox\xul.dll+13705|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+12de8|C:\Program Files\Mozilla Firefox\xul.dll+a0c091|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
17141700x800000000000000045661Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-CreatePipe2021-08-24 09:20:38.180{80A11F3A-A5BA-6124-9206-00000000F001}5540\chrome.5540.15.123935828C:\Program Files\Mozilla Firefox\firefox.exe
18141800x800000000000000045660Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-ConnectPipe2021-08-24 09:20:38.179{80A11F3A-A5BA-6124-9206-00000000F001}5540\chrome.5540.14.213904581C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000045659Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.178{80A11F3A-A5BA-6124-9206-00000000F001}55402256C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1354cb|C:\Program Files\Mozilla Firefox\xul.dll+123998d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
18141800x800000000000000045658Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-ConnectPipe2021-08-24 09:20:38.178{80A11F3A-A5BA-6124-9206-00000000F001}5540\gecko-crash-server-pipe.5540C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000045657Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.137{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e75749|C:\Program Files\Mozilla Firefox\xul.dll+e6763c|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045656Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045655Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045654Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045653Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045652Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045651Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045650Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045649Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.136{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045648Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.135{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045647Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.135{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045646Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.135{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045645Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.135{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045644Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.135{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a7471d|C:\Program Files\Mozilla Firefox\xul.dll+a69d3a|C:\Program Files\Mozilla Firefox\xul.dll+a69bf4|C:\Program Files\Mozilla Firefox\xul.dll+90e0ae|C:\Program Files\Mozilla Firefox\xul.dll+e6734a|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd
10341000x800000000000000045643Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.134{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a1c78f|C:\Program Files\Mozilla Firefox\xul.dll+a69dd8|C:\Program Files\Mozilla Firefox\xul.dll+e78f88|C:\Program Files\Mozilla Firefox\xul.dll+e672e6|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4
10341000x800000000000000045642Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.134{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+e6725d|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045641Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.134{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+c22d5|C:\Program Files\Mozilla Firefox\xul.dll+e66f34|C:\Program Files\Mozilla Firefox\xul.dll+35f87a4|C:\Program Files\Mozilla Firefox\xul.dll+35f8710|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+19e3b6c|C:\Program Files\Mozilla Firefox\xul.dll+1695b70|C:\Program Files\Mozilla Firefox\xul.dll+1a0cbc6|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+1a1568|C:\Program Files\Mozilla Firefox\xul.dll+1a041f|C:\Program Files\Mozilla Firefox\xul.dll+41e224a|C:\Program Files\Mozilla Firefox\xul.dll+424df6d|C:\Program Files\Mozilla Firefox\xul.dll+424ebe3|C:\Program Files\Mozilla Firefox\xul.dll+1ef3c13|C:\Program Files\Mozilla Firefox\firefox.exe+5cdd|C:\Program Files\Mozilla Firefox\firefox.exe+1bbe8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045640Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.134{80A11F3A-A5BA-6124-9206-00000000F001}55406976C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a234df|C:\Program Files\Mozilla Firefox\xul.dll+898cb4|C:\Program Files\Mozilla Firefox\xul.dll+168795b|C:\Program Files\Mozilla Firefox\xul.dll+1a02565|C:\Program Files\Mozilla Firefox\xul.dll+13705|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+12de8|C:\Program Files\Mozilla Firefox\xul.dll+a0c091|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045639Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.122{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045638Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.122{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045637Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.121{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045636Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.121{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-A00D-6124-2D00-00000000F001}2148C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045635Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.121{80A11F3A-A44A-6124-B604-00000000F001}27884036C:\Windows\system32\csrss.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045634Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.121{80A11F3A-A5BA-6124-9206-00000000F001}55402948C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2efed|C:\Program Files\Mozilla Firefox\firefox.exe+2e1f5|C:\Program Files\Mozilla Firefox\xul.dll+1fbfbea|C:\Program Files\Mozilla Firefox\xul.dll+a1ef43|C:\Program Files\Mozilla Firefox\xul.dll+a1d105|C:\Program Files\Mozilla Firefox\xul.dll+a243fe|C:\Program Files\Mozilla Firefox\xul.dll+8d1360|C:\Program Files\Mozilla Firefox\xul.dll+16954dd|C:\Program Files\Mozilla Firefox\xul.dll+2660a|C:\Program Files\Mozilla Firefox\xul.dll+a0e96f|C:\Program Files\Mozilla Firefox\xul.dll+2640e|C:\Program Files\Mozilla Firefox\xul.dll+8d3bc7|C:\Program Files\Mozilla Firefox\nss3.dll+7692d|C:\Program Files\Mozilla Firefox\nss3.dll+8e041|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045633Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:38.120{80A11F3A-B9E6-6124-2009-00000000F001}6844C:\Program Files\Mozilla Firefox\firefox.exe91.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.14.2139045812\1159667313" -childID 7 -isForBrowser -prefsHandle 6952 -prefMapHandle 6956 -prefsLen 16309 -prefMapSize 234501 -jsInit 1092 285716 -parentBuildID 20210816143654 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 7004 1c46e683938 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{80A11F3A-A44C-6124-23D7-2F0000000000}0x2fd7232LowMD5=FA9F4FC5D7ECAB5A20BF7A9D1251C851,SHA256=49936283672808DE852727CA17A946FC63F0DC0F7E4D9EAB800CE81612EED84E,IMPHASH=6DE9E29DFB7DEB336155C42BCB9F9A14{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"
17141700x800000000000000045632Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-CreatePipe2021-08-24 09:20:38.110{80A11F3A-A5BA-6124-9206-00000000F001}5540\chrome.5540.14.213904581C:\Program Files\Mozilla Firefox\firefox.exe
354300x800000000000000045631Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:34.045{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52229-false10.0.1.12-8000-
23542300x800000000000000045690Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:39.657{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC5EABC8BA45017013EBB4224DBAE661,SHA256=0E3B9649404FD875D4FACB94B674F50D80FA5D6CDEA5CC6F80E90C926F4AEED5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025653Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:39.361{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=045DAAEF9AD54755CD0468B2F74650BD,SHA256=D7DAD74B452B740DA448A6C972E4ED9E618399D2AEB0F6252ECBFED520FB8AE8,IMPHASH=00000000000000000000000000000000falsetrue
22542200x800000000000000045689Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.032{80A11F3A-A5BA-6124-9206-00000000F001}5540raw.githubusercontent.com9501-C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045688Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.029{80A11F3A-A5BA-6124-9206-00000000F001}5540raw.githubusercontent.com0185.199.109.133;185.199.110.133;185.199.111.133;185.199.108.133;C:\Program Files\Mozilla Firefox\firefox.exe
22542200x800000000000000045687Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.028{80A11F3A-A5BA-6124-9206-00000000F001}5540raw.githubusercontent.com0::ffff:185.199.108.133;::ffff:185.199.109.133;::ffff:185.199.110.133;::ffff:185.199.111.133;C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000045686Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:39.036{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-9FFD-6124-1500-00000000F001}1248C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045685Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:39.036{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-9FFD-6124-1500-00000000F001}1248C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045684Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:39.035{80A11F3A-9FFC-6124-0C00-00000000F001}8525808C:\Windows\system32\svchost.exe{80A11F3A-9FFD-6124-1500-00000000F001}1248C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000045683Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.551{80A11F3A-9FFB-6124-0B00-00000000F001}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local52231-true0:0:0:0:0:0:0:1win-dc-391.attackrange.local389ldap
354300x800000000000000045682Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.551{80A11F3A-A00D-6124-2800-00000000F001}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local52231-true0:0:0:0:0:0:0:1win-dc-391.attackrange.local389ldap
354300x800000000000000045681Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.027{80A11F3A-A5BA-6124-9206-00000000F001}5540C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-391.attackrange.local52230-false185.199.108.133cdn-185-199-108-133.github.com443https
354300x800000000000000045680Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.026{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local54792-
354300x800000000000000045679Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:35.020{80A11F3A-A00D-6124-2700-00000000F001}2868C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-391.attackrange.local58693-
10341000x800000000000000045696Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:40.864{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b9391|C:\Program Files\Mozilla Firefox\xul.dll+a0c244|C:\Program Files\Mozilla Firefox\xul.dll+a302c9|C:\Program Files\Mozilla Firefox\xul.dll+a301ea|C:\Program Files\Mozilla Firefox\xul.dll+a2fdd9|C:\Program Files\Mozilla Firefox\xul.dll+a2c15f|C:\Program Files\Mozilla Firefox\xul.dll+a2c46c|C:\Program Files\Mozilla Firefox\xul.dll+b7963a|C:\Program Files\Mozilla Firefox\xul.dll+2f2b99|C:\Program Files\Mozilla Firefox\xul.dll+2f2aa4|C:\Program Files\Mozilla Firefox\xul.dll+2f288d|C:\Program Files\Mozilla Firefox\xul.dll+2f2724|C:\Program Files\Mozilla Firefox\xul.dll+bcac13|C:\Program Files\Mozilla Firefox\xul.dll+bcb8e1|C:\Program Files\Mozilla Firefox\xul.dll+bca90d|C:\Program Files\Mozilla Firefox\xul.dll+bca862|C:\Program Files\Mozilla Firefox\xul.dll+b9a490|C:\Program Files\Mozilla Firefox\xul.dll+1a5bafb|C:\Program Files\Mozilla Firefox\xul.dll+ba02ee|C:\Program Files\Mozilla Firefox\xul.dll+ff213d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaaf|C:\Program Files\Mozilla Firefox\xul.dll+2d4d1d
10341000x800000000000000045695Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:40.744{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-B94B-6124-0709-00000000F001}4252C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e75749|C:\Program Files\Mozilla Firefox\xul.dll+e6a32e|C:\Program Files\Mozilla Firefox\xul.dll+e551cc|C:\Program Files\Mozilla Firefox\xul.dll+c8cfa6|C:\Program Files\Mozilla Firefox\xul.dll+23bd71|C:\Program Files\Mozilla Firefox\xul.dll+8baf61|C:\Program Files\Mozilla Firefox\xul.dll+18744d8|C:\Program Files\Mozilla Firefox\xul.dll+233303|C:\Program Files\Mozilla Firefox\xul.dll+23326b|C:\Program Files\Mozilla Firefox\xul.dll+d175d4|C:\Program Files\Mozilla Firefox\xul.dll+1720ce0|C:\Program Files\Mozilla Firefox\xul.dll+16eb6b8|C:\Program Files\Mozilla Firefox\xul.dll+1b8122d|C:\Program Files\Mozilla Firefox\xul.dll+17a5738|C:\Program Files\Mozilla Firefox\xul.dll+1756d76|UNKNOWN(00000320DE9D1E84)
23542300x800000000000000045694Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:40.662{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68FC84B953411F485E1842314BD9599B,SHA256=DC10304C49E92B37BDBB4AC2D8047DBA153EEE80C278DEC83C327EDEB7A52D04,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025654Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:40.376{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08C92B92CA3A9CD9D03662E786B642C4,SHA256=367083465F3D3061ED354F5A4DBF0ECA4E2D0B813F55BE32C746CFA9EEF5A6DB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045693Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:40.209{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045692Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:40.208{80A11F3A-A5BA-6124-9206-00000000F001}55405380C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5BC-6124-9306-00000000F001}1640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e60|C:\Program Files\Mozilla Firefox\firefox.exe+37d56|C:\Program Files\Mozilla Firefox\firefox.exe+49330|C:\Program Files\Mozilla Firefox\firefox.exe+4902c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045691Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:40.206{80A11F3A-A5BA-6124-9206-00000000F001}55401596C:\Program Files\Mozilla Firefox\firefox.exe{80A11F3A-A5C6-6124-9906-00000000F001}2484C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1d0|C:\Program Files\Mozilla Firefox\xul.dll+e79d58|C:\Program Files\Mozilla Firefox\xul.dll+e79899|C:\Program Files\Mozilla Firefox\xul.dll+e7ad5f|C:\Program Files\Mozilla Firefox\xul.dll+1195606|C:\Program Files\Mozilla Firefox\xul.dll+e766dd|C:\Program Files\Mozilla Firefox\xul.dll+e5e5f0|C:\Program Files\Mozilla Firefox\xul.dll+1ef0312|C:\Program Files\Mozilla Firefox\xul.dll+1a31108|C:\Program Files\Mozilla Firefox\xul.dll+1a3327f|C:\Program Files\Mozilla Firefox\xul.dll+17a86d7|C:\Program Files\Mozilla Firefox\xul.dll+1bdac45|C:\Program Files\Mozilla Firefox\xul.dll+16e9761|C:\Program Files\Mozilla Firefox\xul.dll+1b7ebc9|C:\Program Files\Mozilla Firefox\xul.dll+17a8b7c|C:\Program Files\Mozilla Firefox\xul.dll+1bdac45|C:\Program Files\Mozilla Firefox\xul.dll+16e9761|C:\Program Files\Mozilla Firefox\xul.dll+1d32f42|UNKNOWN(00000320DE9D7C54)
23542300x800000000000000025655Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:41.501{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CB0188EC7BBEB9CE30B1C3A3706601C,SHA256=204FD661904B47697194B252A87AF610D0E3784FF3E9EAB99C5637F6EA55306A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045698Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:41.669{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A6EC2B463E55754810D2D4C220982DD,SHA256=1CDDEBFDEAD39C83F2A70CA6996C554A9A2C381FBF993B3B3C2ACDEDABB2185B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045697Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:41.206{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\aborted-session-pingMD5=9528A5F635827FCD481B844CFDBEF254,SHA256=F9C7307F8CAFD47F3CDB63A1E0DEC843083B2D3B2B2380E8717A0B6845BB875C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025657Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:40.813{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50933-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025656Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:42.720{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71A3B046ECC961A61A5FA9699EE28EC3,SHA256=8A98D7B8AF7EBEF298008C25A57782E0816EED36FA2B1612E7762A0A290E0EEF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045699Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:42.676{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C5631FDF06F678C0F7B93B0BCA90FDF,SHA256=DC6ABDFCB43152114243E77E39AA01689659758264809FE43D74B56599E48C5B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025658Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:43.939{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E4E4027927F9082BA470AEE37B73739,SHA256=20867BA6EAD48C9D40DD565BAEF0FC38BFD214FE9431312D608936FFDB2BC3AA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045701Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:43.681{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88E3177E2B9310B1316F94DB0A61CB0C,SHA256=4DBE67D5A2F19DB63A2B6B64C9F14FF0B6EC608DBA1B0865B0BAC69B85186DC4,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045700Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:39.115{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52232-false10.0.1.12-8000-
23542300x800000000000000025659Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:44.939{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4811133ECCE9F56C82C0F490D8FAE32B,SHA256=C53AD0318219D9935338DD7DC72B31A963E9A0F4569322945421520F7898678C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045702Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:44.688{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4762681941E045AFF8C39BEE71071619,SHA256=E7635B6418307CB6B22E8FF7A9D28FDF98FC3875A357C86513970E45434912A3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045703Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:45.700{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67F768EBDFD3F6C676051E31E9B0DA4B,SHA256=70EF30E4CFF704A660DFF0235649520D7AAE371998A7CCF4CB372B2998916CBE,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000025661Microsoft-Windows-Sysmon/Operationalwin-host-944-SetValue2021-08-24 09:20:46.626{D371C250-A1CD-6124-1500-00000000F101}1036C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d798c9-0x523c942a)
23542300x800000000000000025660Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:46.173{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D46EDF2C54FF7EE843E55052645EE91A,SHA256=849B7E1C18DD24451554E2F8374100D00846C7122E54C9FBD90677FAB7BC1F0F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045704Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:46.703{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC79AFD7D512F1C6335FFA364426B9B,SHA256=EA24187425028A9071EDF2B67B31DF6BA43CD4BCC354B7379F6B681E14527195,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025662Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:47.408{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CF0211D1AD44AC024D9C6E0E11E6326,SHA256=BC6CD68C23BABD4BEF2CF9066B4A403CE33D68D08EFAC57F6A052312EF2D56BB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045741Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.942{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05B87E32E2116564A96A0075881441B4,SHA256=EC456B1B9CD945707D45AC1ACA8174039E3D00F80A7B072A69A15F08ACD9CC79,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045740Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.574{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045739Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.574{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045738Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.574{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045737Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.574{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045736Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.574{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045735Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045734Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045733Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45A-6124-F804-00000000F001}5728C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045732Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045731Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045730Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045729Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045728Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045727Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045726Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045725Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045724Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045723Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.573{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045722Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045721Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045720Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045719Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045718Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045717Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045716Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.572{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045715Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.571{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045714Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.571{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045713Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.571{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A44E-6124-D004-00000000F001}4160C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045712Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045711Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045710Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045709Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045708Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045707Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045706Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.570{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045705Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:47.569{80A11F3A-9FFC-6124-0D00-00000000F001}908928C:\Windows\system32\svchost.exe{80A11F3A-A45B-6124-FB04-00000000F001}5300C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045751Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.956{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=796D428789661DC27873936552B45556,SHA256=99939175DBAFE36D6911C5D83DC18BDA3F3002F61AB0AFB216DE7381B45764F6,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025664Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:46.782{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50934-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025663Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:48.408{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B4954CAFDFFBB763E1F9536E96D242C,SHA256=EF864424D9B6EB2CB276BD1EF524A39339457423066A47B0BD8AF9AAEF01B405,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045750Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.142{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=6ECA048C80D528F6A45AE4E867B01451,SHA256=BE42F491FC362B26C31CF036C064F1B8C85E6CC0CA3879B6686114DD4629AC69,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045749Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.141{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=5C471C63A42F85F61228518DFF10EC0B,SHA256=BD45B8D7E73C5B1986B5A9E46B6A84F6EC51CF43C25AAE451071A4F24945E12C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045748Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.140{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=48A80BBF15D7194C4627DF8EA7E1DBF8,SHA256=7B0252D330F4BBB87FAC83ED147B1BAFFBFAF00AB5D3C08508554F849CB145C2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045747Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.138{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=678D1E2AF9EC79B1CEA5F883040523D0,SHA256=64C654C2F7D55C871F1C5770DDE7B0E144231E6E05EE13E31845135D1926496A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045746Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.137{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=FBB778D9546A80BDAA18EFD43286851D,SHA256=56C8A14C892872E3DFE73A8FE1B1D8EBF8EAF0E22D4FB45D6B044A3CEAB3BFC3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045745Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.136{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=DFAB101936251914AAB563810C94FA6E,SHA256=70CE4DD147D823FE42D773843690C2F0C44D2DCC667BAB42CF86223FFE30B3F6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045744Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.135{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=87944E14A708A41453D474A49EC5DBA7,SHA256=CFBBFDDEC134001E485B0C72A60903F436BCAACBBE1AFF229FCAC52DDE38931F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045743Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.133{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=B90FE4A4650EDD186C25494EBC62664C,SHA256=A70FAE415EDCC3CF7F0C743117DFF643889AB1D50941F2FCEDCC03EC7DFED12A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045742Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:44.156{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52233-false10.0.1.12-8000-
23542300x800000000000000045752Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:49.962{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C81F1DA9D8AA74BB32198BBB147DD31,SHA256=B0178F8BDDA64BB433C6DF00BB771388DCBABC80C170ED94CE3208DE95C0EADF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025665Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:49.408{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BA3F8D4EEAC69C3C239416DF6BD0599,SHA256=A0BF4447EBBAE52CE5117223E462886C04FA82A32B96E21AC9E521FEFF9D436D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025667Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:50.785{D371C250-A1CD-6124-1100-00000000F101}976NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=6F18792D571F4322D0EEEFA7E3310079,SHA256=990F6F166023B612EFF945DCD7EF6071DB5A77615FFA19714B8331CB8789D001,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025666Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:50.410{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA32DB972ABDB9A11A787309F31D7FC2,SHA256=45ADEB603E255ADF4B88C1EC6CEF18D9655E254CBD6D00A475646BEC54290506,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045753Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.967{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25E0FE45374E059161E36F99B77A5917,SHA256=56AF5F5761B86DF1209E42345FD5AF8896D48B0E9562AF648D86FDFDF2210450,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025668Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:51.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=792C02E6DBFB9C9D5AE363340CAB0C36,SHA256=A1983568DDC8973D2ECE1A2AE819037E0F9A42D63DC4B8DC4E44A33A7747C733,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045755Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:51.974{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=353D3C199606E8AF78C3FB72776877CA,SHA256=E500890F5B60EC1F479F633F48A02A7BAD6B8EC3DD6C8A0C1A47A3ED20D7A280,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045754Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:51.041{80A11F3A-A080-6124-A400-00000000F001}3688NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2B640B14B078BDE477642A1B0343AB94,SHA256=3B2B580B4DB9BC146C26A020DCDFF562BBB4C06910A12B38AD6DA5D62A770671,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045759Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:52.979{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55CEE53A66C4923CA7A6289004E10090,SHA256=5346D3D40EF3BC80C3C52618D6DBD03BF61F717DADE368DEF53BAB24A8018297,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025669Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:52.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1286BB774877C1A5C9F3B60FA9DC8BA0,SHA256=CA8E8D1AC29EEFE9D2A5EB8AA0DEFC201D88C1235C4E76B2159D523BCE51B221,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000045758Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-SetValue2021-08-24 09:20:52.884{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\9752B235-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_9752B235-0000-0000-0000-100000000000.XML
13241300x800000000000000045757Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-SetValue2021-08-24 09:20:52.880{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\306E0B0B-0719-4FB5-BA4F-7A2D80831A9D\Config SourceDWORD (0x00000001)
13241300x800000000000000045756Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-SetValue2021-08-24 09:20:52.880{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\306E0B0B-0719-4FB5-BA4F-7A2D80831A9D\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_306E0B0B-0719-4FB5-BA4F-7A2D80831A9D.XML
23542300x800000000000000025670Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:53.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=809EC2BEAF019BE1C8C4BAB5B1452F3F,SHA256=D3BA602761C8FB1B685EF8E75B01D8966A107851F61C299130E037B46ED90052,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045763Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:53.988{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64DAB22B22290434C84B200993EBA5E1,SHA256=E2834417FF53A7A394F5C029272F2461407E68B269736F0304F3471F36966B7D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045762Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:53.894{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69EB52FC7EEB6AEB64289EE4798CF11B,SHA256=4D944D7D5002B7B7A1D20353E06EA62D6D48FD61D33B66FA771D8F02FAF8C15D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045761Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:53.893{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E948AD1321D81EBEB691A1583E9CB4CD,SHA256=4F023C2C540F16772509F4FC6D93AA1AA433D3877AA8170B4DE4BD0F13C5C58E,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045760Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:48.937{80A11F3A-A080-6124-A400-00000000F001}3688C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52234-false10.0.1.12-8089-
354300x800000000000000025672Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:52.690{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50935-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025671Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:54.722{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18CB4F537087F77905EEFAB16B59B912,SHA256=74919156B621E5FD4714528EE155DB6C4F534438EEABF6CDB35C32C2E39AC749,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045770Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.806{80A11F3A-9FFB-6124-0B00-00000000F001}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52238-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local389ldap
354300x800000000000000045769Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.806{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52238-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local389ldap
354300x800000000000000045768Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.795{80A11F3A-9FFB-6124-0B00-00000000F001}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52237-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local389ldap
354300x800000000000000045767Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.795{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52237-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local389ldap
354300x800000000000000045766Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.773{80A11F3A-9FFC-6124-0D00-00000000F001}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52236-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local135epmap
354300x800000000000000045765Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.773{80A11F3A-A00D-6124-2A00-00000000F001}2964C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local52236-truefe80:0:0:0:602a:bdbc:a5ca:90b5win-dc-391.attackrange.local135epmap
354300x800000000000000045764Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:50.036{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52235-false10.0.1.12-8000-
23542300x800000000000000025673Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:55.957{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C242B0720D52987F495D3B535121455,SHA256=BF0A355EB6F7A853664B83101BA7057184EC91A64CD9B68F7FB02F2097553962,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045771Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:55.000{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57B005F0C9B514A0366D16CA8AEB5DAF,SHA256=78F11B9A6BC9CB0CBB80F08D37876E2384E80A33916CBC3A6166C3F7E46E57AA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045772Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:56.008{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F606795AAD8C0947F8743B1567877ABB,SHA256=CE5BCA6E5EA02922A1FF29645314025C5043A73678ABE7DBD81952B52A0462DE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025674Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:57.019{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F67236880F60FEB848F7D7D25038AE39,SHA256=FE4525AE0903162559BE251C789902BADCCC8733BDC3E127FD0EF66DED0FE121,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045773Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:57.022{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18F2FCE99E313FA785E1C7A7FF5A9C32,SHA256=03EA5D2AFFD956DF8DB2B66C4A0D4AC2B751F8F5B689EECFC69742912DF86EA3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025675Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:58.253{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32218DAA1830A315B7878903635637EA,SHA256=B8C7DCBDA9E11D37BD4A0C57014ABB539A17788EF710C15C8ADDE776C19EE8B7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045782Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.163{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=BAD222DB26D230389EEBBF97E10C0B5C,SHA256=3A384733CBB5DFAC57BF25581F8A36FEA786D03AE23EA7D5C81401502F8ADA94,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045781Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.161{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=6C82E269EE2D8027D7805DC248175F9E,SHA256=D90AF0706F56F6FEFEE9610D9A62F99BEF3DE50986246D0968C33EB6C512AD6D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045780Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.159{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=4608CE4443A6827BB67CFA5B650ED511,SHA256=728ECB96E9B4780BCD3614DFFB9C85A89D864C20279B400EF34EA021A3707C96,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045779Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.158{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=52A63FC8922CA162C396DCFE3612BCDA,SHA256=01EB74E1F7A9A9168CF849EEFA052239A70063BB00F59C08655B101BB6C73CE8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045778Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.157{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=1DE06ACA5E8F7EF1A30D5C14938FD560,SHA256=9FEABE2624423E3F067CAFF53927E471C85EC055D44B2B4CC98BF35EADCFB760,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045777Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.155{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=6BB9EB9AEA5C56B2F0DE516F719574A7,SHA256=E9937CF99C71A7DC5661A526F1687E67D147F84DA992B6AD336FED97D01AB3B1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045776Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.153{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=E6961F9F141DCE5891F9E820832EE2B5,SHA256=799D984E4F4A5DC5498E2845CB6667BD4266485E5BFD5200C26E10AFC96B28DA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045775Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.151{80A11F3A-A5BA-6124-9206-00000000F001}5540ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\03bm82ms.default-release\datareporting\glean\db\data.safe.binMD5=19DA9FEFC9D1CEC49159DD50A5E7669F,SHA256=A5AAEEEF60BDE299318659D0A43364C40B6E9CBC80D430AF54D5CD6F1AF4D634,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045774Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:58.029{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A4915E8C911052A03794D448D91533E,SHA256=7A2BEAEB454ECD1F6ABCCA44D71DF907D60FE6507163ABFB77B8AC91549532DD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025676Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:59.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70E23E2D1219EE94A2F55FE826B580C1,SHA256=E82A3AC39823A365B39DD9444CADD81FB57A4CB6CEB019A4DABCA424FFF9C60A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045784Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:55.078{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52239-false10.0.1.12-8000-
23542300x800000000000000045783Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:20:59.035{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA18C4802E322A9B118EF8173C9B7FF6,SHA256=F10163FFBB280B2A443D3C78010650A526CD5B6F9732086A10F0128BBA4769D5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025678Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:00.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF98AB79876CFC429B51D40EED2A6CCF,SHA256=27F12A4B6F6A2C3762D97A9F070CB7C9B0F448676F687D85A7A02DF579380E5B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045785Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:00.050{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2EAB5D62DE5B68C0EAE7BEA23FC29CC,SHA256=4B2EBEC1A6554622194BABA182C7CBE0A5710708227CAA77E4573CB1A9D1FD4D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000025677Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:20:58.706{D371C250-A256-6124-D000-00000000F101}2604C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-944.eu-central-1.compute.internal50936-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000025679Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:01.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A700BB1DB46578AC700F7386F6F33BB1,SHA256=212DF1E5BF7BB3BC0ADB73B54ED2445DCB5CBFF627DA9615869BD0A8D418647E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045786Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:01.066{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19D30A099610EAC09478F08D8F3BED1F,SHA256=DB6CB93DF50E2697FE4A7784C2DC6FF9856FC24C238CBF3783015FF155A91796,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025680Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:02.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C26660909BD3C45B1B2F27B10AADB157,SHA256=C65C273EE63A89399DF794013F9B979BE76CC99A423187FE2B4708282D1C5EE0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045787Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:02.085{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0231FB2723786CA902F792B0F3DEB75B,SHA256=A77326A632D061105F333B1765F3B2D7F4857D6FF65CDEDC30BE3D51BBEE870F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025681Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:03.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A934A8F9A0FC34C3EECD4C59D5AA6976,SHA256=C688A113005EE0A211290662182CD58C04B82D52632813E011600BDD234E0029,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045788Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:03.102{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE9FF356A70F97623AA749CBC380D3F1,SHA256=03EEBD221FA586A7DC5918A57B74CE558EB29CD9D7230BC8E3B1D73E8C0999D9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025682Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:04.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4579176A0B6C9AADB1084A4A2A2874E2,SHA256=DFD127D4391B39A84B5F6390AAB5FC15958AB332FB6BE56BE0275D395C80120B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045789Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:04.117{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D57045DADA25E282F10CBAD5D190388,SHA256=32F169358777A30C58416C65D17A3745AE13C5990D2E57708AE72C34FD1F54AE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025683Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:05.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D334B49A87E14A629A9BC23E4AB7C2CB,SHA256=4E01FED981D57A8F2D28D242A69D4BA19FB1021A6CA2FCD01F4C6341D37FBFB2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045790Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:05.132{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CB8DB51D6417ED774291D45BB178EB1,SHA256=717875A95CC2EEA2EB62BF99D0873ECFF3D060EDCFE9BC4FC66623F677F2D37E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000025684Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:06.488{D371C250-A25C-6124-D900-00000000F101}3956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B1114CAA62FA9B536E3601F3744D8B2,SHA256=97D564D7755ABA2800561C25335F72BDCAAF193829D2AA6304BC824A1F8F5298,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045792Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:01.113{80A11F3A-A088-6124-D200-00000000F001}1116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-391.attackrange.local52240-false10.0.1.12-8000-
23542300x800000000000000045791Microsoft-Windows-Sysmon/Operationalwin-dc-391.attackrange.local-2021-08-24 09:21:06.146{80A11F3A-A08E-6124-DF00-00000000F001}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3251339385D99A7EBB5FF3827AA7C21E,SHA256=0F92D577133956DA10862C24582C46BB9E44F66E2000AD607A32650976090835,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000025699Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:07.832{D371C250-A24D-6124-A200-00000000F101}632732C:\Windows\system32\conhost.exe{D371C250-BA03-6124-8C06-00000000F101}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025698Microsoft-Windows-Sysmon/Operationalwin-host-944-2021-08-24 09:21:07.832{D371C250-A1CD-6124-0C00-00000000F101}7203576C:\Windows\system32\svchost.exe{D371C250-A1CE-6124-2200-00000000F101}1248C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000025697Microsoft-Windows-Sysmon/Operational